To render in Git webviews as-is, to make it easier to edit, verify,
and to sync up with curl.
- add options to not build the `.3` man pages:
- autotools: `--disable-docs`
- cmake: `LIBSSH2_BUILD_DOCS=OFF`
- building `.3` man pages requires Perl after this patch.
- drop `mansyntax` and the shell / `grep` / GNU `man` tool requirements with it.
- scripts and most logic were copied from curl.
- add `cd2nroff` from curl, with edits to relax curl-specific checks.
- used `nroff2cd` (from curl) to convert from `.3` to `.md`. Then
manually fixed copyrights, inline function references and a couple
of other things.
Credits-to: Daniel Stenberg
Ref: eefcc1bda4
Ref: https://github.com/curl/curl/pull/12730
Ref: https://github.com/libssh2/www/issues/25#issuecomment-3289431671Closes#1660
- add `./configure` option `--enable-ecdsa-wincng`
- add WinCNG autotools jobs to GHA.
- enable WinCNG ECDSA in some GHA jobs (both CMake and autotools).
Follow-up to 3e72343737#1315Closes#1368
Originally added to improve build performance by skipping building
tests. But, there seems to be no point in this, because autotools
doesn't build tests by default, unless explicitly invoking
`make check`.
Delete this option from Cygwin and FreeBSD CI tests, where it caused
`make check` to do nothing. Tests are built now, and runtime tests are
too, where supported.
Also disable Docker-based tests for these, and add a missing `make -j3`
for FreeBSD.
Reverts 7483edfada#715Closes#1271
The following APIs have been deprecated for over 10 years and
use `LIBSSH2_NO_DEPRECATED` to mark them as deprecated:
libssh2_session_startup()
libssh2_banner_set()
libssh2_channel_receive_window_adjust()
libssh2_channel_handle_extended_data()
libssh2_scp_recv()
Add these options to disable them:
- autotools: `--disable-deprecated`
- cmake: `-DLIBSSH2_NO_DEPRECATED=ON`
- `CPPFLAGS`: `-DLIBSSH2_NO_DEPRECATED`
Fixes#1259
Replaces #1260
Co-authored-by: Viktor Szakats
Closes#1267
- Fix explicitly selecting WinCNG in autotools cross-builds by moving
`windows.h` header check before the WinCNG availability check.
Follow-up to d43b8d9b0b
Reported-by: Jack L
Fixes#1186
- Add Linux -> mingw-w64 cross-builds for autotools and CMake. This
doesn't detect #1186, because that happened when explicitly specifying
WinCNG via `--with-crypto=wincng`, but not when falling back to WinCNG
by default.
- autotools: fix to strip suffix from gcc version
Before this patch we expected `n.n` `-dumpversion` output, but Ubuntu
may return `n-win32` (also with `-dumpfullversion`). Causing these
errors and failing to enable picky warnings:
```
../configure: line 23845: test: : integer expression expected
```
Ref: https://github.com/libssh2/libssh2/actions/runs/6263453828/job/17007893718#step:5:143
Fix that by stripping any dash-suffix.
gcc version detection is still half broken because we translate '10'
to '10.10' because `cut -d. -f2` returns the first word if the
delimiter missing.
More possible `-dumpversion` output: `10-posix`, `10-win32`,
`9.3-posix`, `9.3-win32`, `6`, `9.3.0`, `11`, `11.2`, `11.2.0`
Ref: https://github.com/mamedev/mame/pull/9767Closes#1187
Use existing MSYS2 section and extend it with builds for the MSYS
environment with both autotools and cmake.
MSYS builds resemble Cygwin ones: The env is Unixy, where Windows
headers are all available but we don't use them.
Also:
- extend existing autotools logic for Cygwin to skip detecting
`windows.h` for MSYS targets too.
- require `windows.h` for the WinCNG backend in autotools. Before this
patch, autotools allowed selecting WinCNG on the Cygwin and MSYS
platforms, but the builds then fell apart due to the resulting mixed
Unixy + Windowsy environment. The general expectation for Cygwin/MSYS
builds is not to use the Windows API directly in them.
- stop manually selecting the `MSYS Makefiles` CMake generator for
MSYS2-based GHA CI builds. mingw-w64 builds work fine without it, but
it broke MSYS build which use `Unix Makefiles`. Deleting this setting
fixes all build flavours.
Closes#1162
- prefix with `LIBSSH2_PC_`
- match with the names of `pkg-config` values.
- use the same names in autotools and CMake scripts.
- use `LIBSSH2_VERSION` for the version number in autotools scripts,
to match the name used in CMake.
Closes#1125
Adapted for libssh2 from the curl commit message by James Le Cuirot:
"A project built entirely statically will call `pkg-config` with
`--static`, which utilises the `Libs.private:` field. Conversely it will
not use `--static` when not being built entirely statically, even if
there is only a static build of libssh2 available. This will most
likely cause the build to fail due to underlinking unless we merge the
`Libs:` fields.
Consider that this is what the Meson build system does when it generates
`pkg-config` files."
This patch extends the above to `Requires:`, to mirror `Libs:` with
`pkg-config` package names.
Follow-up to 1209c16d93#1114
Ref: https://github.com/libssh2/libssh2/pull/1114#issuecomment-1634334809
Ref: 98e5904165
Ref: https://github.com/curl/curl/pull/5373Closes#1119
In `Requires*:`, the documented name separator is comma. We already used
it in the CMake-generated `libssh2.pc`. Adjust the autotools-generated
one to use it too, instead of spaces.
Ref: https://linux.die.net/man/1/pkg-config
Ref: d97db4fae4/pkg-config.1Closes#1124
- All files have prominent copyright and SPDX identifier
- If not embedded in the file, in the .reuse/dep5 file
- All used licenses are in LICENSES/ (not shipped in tarballs)
- A new REUSE CI job verify that all files are OK
Assisted-by: Viktor Szakats
Closes#1084
We repositioned crypto libs in 4f0f4bff5a
via #941 and subsequently in d4f58f0343
from d93ccf4901 via #1013.
This patch moves libz accordingly, to unbreak certain build scenarios.
Reported-by: Kenneth Davidson
Regression from 4f0f4bff5a#941Fixes#1075Closes#1077
autotools:
- `--disable-docker-tests`
- `--disable-sshd-tests`
cmake:
- `RUN_DOCKER_TESTS`
- `RUN_SSHD_TESTS`
Update automake and ci to use this new flag and delete former logic
of relying on Windows detection and `HOST_WINDOWS`. Also fix honoring
this when running `test_read_algos.test`.
This allows to disable these individually and on per-CI/local-job basis.
To run as much tests as the env allows.
Cherry-picked from #1017
- update `AC_HELP_STRING' to 'AS_HELP_STRING`:
```
configure.ac:[...]: warning: The macro `AC_HELP_STRING' is obsolete.
```
"AC_HELP_STRING is deprecated in 2.70+ and I believe AS_HELP_STRING works
already since 2.59 so bump the minimum required version to that."
Ref: a59f046116
- simplify to avoid:
```
src/Makefile.inc:48: warning: variable 'EXTRA_DIST_SOURCES' is defined but no program or
src/Makefile.inc:48: library has 'DIST' as canonical name (possible typo)
```
Regression from 2c18b6fc8d
- `AC_TRY_LINK`/`AC_TRY_COMPILE`:
```
configure.ac:335: warning: The macro `AC_TRY_COMPILE' is obsolete.
configure.ac:335: warning: The macro `AC_TRY_LINK' is obsolete.
```
- `libtool`-related ones:
```
configure.ac:70: warning: The macro `AC_LIBTOOL_WIN32_DLL' is obsolete.
configure.ac:70: warning: AC_LIBTOOL_WIN32_DLL: Remove this warning and the call to _LT_SET_OPTION when you
configure.ac:70: put the 'win32-dll' option into LT_INIT's first parameter.
configure.ac:71: warning: The macro `AC_PROG_LIBTOOL' is obsolete.
```
Using code copied from curl:
9ce7eee070/m4/xc-lt-iface.m4 (L157-L163)
- delete commented and obsolete `AC_HEADER_STDC`.
- formatting.
Most cherry-picked from `autoupdate` updates.
Cherry-picked from #1017Closes#1021
Add macOS CI jobs, both cmake and autotools for all supported crypto
backends (except BoringSSL), with debug, zlib enabled. Without running
tests. It also introduces OpenSSL 1.1 into the CI with a non-MSVC
compiler.
Credits to curl's `macos.yml`, that I used as a base.
Fix these issues uncovered by the new tests:
- openssl: fix warning when built with wolfSSL, or OpenSSL 1.1 and
earlier. CI missed it because apparently the only OpenSSL 1.1 test
we had used MSVC, which did not complain.
```
../src/openssl.c:3852:19: error: variable 'sslError' set but not used [-Werror,-Wunused-but-set-variable]
unsigned long sslError;
^
```
Regression from 097c8f0dae
- pem: add hack to build without MD5 crypto-backend support.
The Homebrew wolfSSL build comes with MD5 support disabled. We can
expect this becoming the norm. FIPS also requires MD5 disabled.
We deleted the same hack from `hostkey.c` a month ago:
ad6aae302a
A better fix would be to guard the MD5 logic with our `LIBSSH2_MD5`
macro.
```
pem.c:214:32: error: use of undeclared identifier 'MD5_DIGEST_LENGTH'; did you mean 'SHA_DIGEST_LENGTH'?
unsigned char secret[2*MD5_DIGEST_LENGTH];
^~~~~~~~~~~~~~~~~
SHA_DIGEST_LENGTH
```
Regression from 386e012292
- `configure.ac`: add crypto libs late.
Fix it by adding crypto libs to `LIBS` at the end of the configuration
process.
Otherwise `configure` links crypto libs while doing feature tests,
which can cause unwanted detections. For example LibreSSL publishes
the function `explicit_bzero()`, which masks the system alternative,
e.g. `memset_s()` on macOS. Then when trying to compile libssh2, its
declaration is missing:
```
bcrypt_pbkdf.c:93:5: error: implicit declaration of function 'explicit_bzero' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
_libssh2_explicit_zero(ciphertext, sizeof(ciphertext));
^
../src/misc.h:50:43: note: expanded from macro '_libssh2_explicit_zero'
^
```
Regression from 4f0f4bff5a
- cmake: fix to list our own include directory before the crypto libs',
when building tests.
Otherwise a global crypto header path, such as `/usr/local/include`,
containing an external `libssh2.h` of a different version, could cause
weird errors:
```
cc -DHAVE_CONFIG_H -DLIBSSH2_LIBGCRYPT \
-I../src -I../../src -I/usr/local/include -I[...]/libssh2/include \
-g -isysroot /Library/Developer/CommandLineTools/SDKs/MacOSX13.1.sdk \
-mmacosx-version-min=12.6 -MD -MT \
tests/CMakeFiles/test_aa_warmup.dir/test_aa_warmup.c.o \
-MF CMakeFiles/test_aa_warmup.dir/test_aa_warmup.c.o.d \
-o CMakeFiles/test_aa_warmup.dir/test_aa_warmup.c.o -c \
[...]/libssh2/tests/test_aa_warmup.c
```
```
[ 62%] Building C object tests/CMakeFiles/test_aa_warmup.dir/test_aa_warmup.c.o
In file included from /Users/runner/work/libssh2/libssh2/tests/test_aa_warmup.c:4:
In file included from /Users/runner/work/libssh2/libssh2/tests/runner.h:42:
In file included from /Users/runner/work/libssh2/libssh2/tests/session_fixture.h:43:
/Users/runner/work/libssh2/libssh2/tests/../src/libssh2_priv.h:649:5: error: type name requires a specifier or qualifier
LIBSSH2_AUTHAGENT_FUNC((*authagent));
^
/Users/runner/work/libssh2/libssh2/tests/../src/libssh2_priv.h:649:30: error: type specifier missing, defaults to 'int' [-Werror,-Wimplicit-int]
LIBSSH2_AUTHAGENT_FUNC((*authagent));
^
/Users/runner/work/libssh2/libssh2/tests/../src/libssh2_priv.h:650:5: error: type name requires a specifier or qualifier
LIBSSH2_ADD_IDENTITIES_FUNC((*addLocalIdentities));
^
/Users/runner/work/libssh2/libssh2/tests/../src/libssh2_priv.h:650:35: error: type specifier missing, defaults to 'int' [-Werror,-Wimplicit-int]
LIBSSH2_ADD_IDENTITIES_FUNC((*addLocalIdentities));
^
/Users/runner/work/libssh2/libssh2/tests/../src/libssh2_priv.h:651:5: error: type name requires a specifier or qualifier
LIBSSH2_AUTHAGENT_SIGN_FUNC((*agentSignCallback));
^
/Users/runner/work/libssh2/libssh2/tests/../src/libssh2_priv.h:651:35: error: type specifier missing, defaults to 'int' [-Werror,-Wimplicit-int]
LIBSSH2_AUTHAGENT_SIGN_FUNC((*agentSignCallback));
^
6 errors generated.
```
- `tests/session_fixture.h`: delete duplicate `libssh2.h`,
`libssh2_priv.h` already includes it.
Follow-up to a683133dfe
CI logs with these errors:
https://github.com/libssh2/libssh2/actions/runs/4824079094https://github.com/libssh2/libssh2/actions/runs/4824270819
curl's `macos.yml`: da2470de96/.github/workflows/macos.yml
Tidying-up while here:
- tests/session_fixture.h: delete duplicate `libssh2.h`.
`libssh2_priv.h` includes it already.
Follow-up to a683133dfe
- ci.yml: yamllint warnings and formatting.
- ci.yml: msvc section formatting and step-naming sync with macOS.
Follow-up to f4a4c05dc3
- ci.yml: enable `--enable-werror` for msys2 jobs.
Follow-up to 71cae949d5
- appveyor.yml: show OpenSSL versions, link to image content.
Closes#1013
Unless I'm missing something, it looks like `libssh2.h` has been using
`libssh2_int64_t` unconditionally since at least 2010-04-17 when
`libssh2_scp_send64()` landed via commit
be9ee7095e.
This makes it redundant to detect `HAVE_LONGLONG` to fallback to a
32-bit `scpRecv_size` in `libssh2_priv.h`. Then deal with possible
combinations of this flag and `strtoll()` options, which was
error-prone.
Instead, assume in `libssh2_priv.h` that we have `libssh2_int64_t`, and
use it always.
For MSVC, this means `_MSC_VER` `1310` (from year 2003) is now
required. Based on the above, this was already so before this patch.
If there happens to be no 64-bit `strtoll()` detected, fall back to the
32-bit `strtol()` (this should never happen with MSVC, and probably
neither with any other reasonably modern toolchain.)
Also make sure to set `HAVE_STRTOI64` for older, non-CMake, MSVC builds
(e.g. `Makefile.mk` or `NMakefile` ones).
Closes#1002
Keep a single list for mac and crypt algos that we use in both CMake
and autotools. Use the same test names across build tools.
Use the TAP protocol to track individual tests run from a single shell
script.
Also:
- enable the rest of our tests with autotools.
- set `make check` verbose to see errors in case they happen.
- silence stray 'command not found' error when running `mansyntax.sh`
on Windows.
GitHub Actions Windows docker tests disabled due to:
```
Command: docker build --quiet -t libssh2/openssh_server ../tests/openssh_server
Error running command 'docker build --quiet -t libssh2/openssh_server ../tests/openssh_server' (exit 1): Sending build context to Docker daemon 22.02kB
Step 1/42 : FROM debian:bullseye-slim
bullseye-slim: Pulling from library/debian
no matching manifest for windows/amd64 10.0.20348 in the manifest list entries
Failed to build docker image
```
Closes#993
Caveat: When building `--enable-static` and `--enable-shared` at the
same time, the compiled Windows resource is also included in the
static library. This appears to be an autotools limitation, with no
way to have different input lists (or different custom options) for
shared and static libraries, even though it builds them separately.
The workaround is to build static libraries in a separate
`./configure` + `make` pass.
Closes#944
- introduce `src/crypto.c` as an umbrella source that does nothing else
than include the selected crypto backend source. Moving this job from
the built-tool to the C preprocessor.
- this allows dropping the various techniques to pick the correct crypto
backend sources in autotools, CMake and other build method. Including
the per-backend `Makefile.<crypto-backend>.inc` makefiles.
- copy a trick from curl and instead of maintaining duplicate source
lists for CMake, convert the GNU Makefile kept for autotools
automatically. Do this in `docs`, `examples` and `src`.
Ref: dfabe8bca2/CMakeLists.txt (L1399-L1413)
Also fixes missing `libssh2_setup.h` from `src/CMakeFiles.txt` after
59666e03f0.
- move `Makefile.inc` from root to `src`.
- reformat `src/Makefile.inc` to list each source in separate lines,
re-align the continuation character and sort the lists alphabetically.
- update `docs/HACKING-CRYPTO` accordingly.
- autotools: update the way we add crypto-backends to `LIBS`.
- delete old CSV headers, indent, and merge two lines in
`docs/Makefile.am` and `src/Makefile.am`.
- add `libssh2.pc` to `.gitignore`, while there.
Closes#941
`libssh2.h` required `winsock2.h` for `_WIN32` since
81d53de4dc (2011-06-04).
Apply that to the whole codebase. This makes it unnecessary to detect
`HAVE_WINSOCK2_H` and allows to drop all its uses.
Completes TODO from b66d7317ca
TODO: Straighten out the use a mixture of `HAVE_WINDOWS_H`,
`WIN32`, `_WIN32` to detect Windows.
It was used once in `src/libssh2_priv.h`, but without any effect.
The header included `ws2tcpip.h` twice, once guarded by
`HAVE_WS2TCPIP_H` and another time by `HAVE_WINSOCK2_H`.
Dedupe these to not use `HAVE_WS2TCPIP_H`. Then delete detection
of this feature from all build methods.
TODO: Replace `HAVE_WINSOCK2_H` with `_WIN32`/`WIN32`.
Null-cipher and null-MAC are security footguns we want to avoid.
Existing option names to toggle these were ambiguous and gave room for
misinterpretation. Some projects may have had these options enabled by
accident.
This patch aims to make it more difficult to enable them, and making
sure that existing methods require an update to stay enabled.
- delete CMake/autotools settings to enable the "none" cipher and MAC.
- rename existing C macros that can enable them.
To use them, pass them as custom `CPPFLAGS` to the build.
- enable them only if `LIBSSH2DEBUG` is also enabled.
Best would be to delete them, though they may have some use while
developing libssh2 itself, or debugging.
libssh2 supports an "old" style KEX message
`SSH2_MSG_KEX_DH_GEX_REQUEST_OLD`, as an off-by-default build option.
OpenSSH deprecated/disabled this feature in v6.9 (2015-07-01):
https://www.openssh.com/releasenotes.html#6.9
This patch deletes this obsolete feature from libssh2, with no option
to enable it.
Added to libssh2 in: cf8ca63ea0 (2004-12-31)
RFC: https://datatracker.ietf.org/doc/html/rfc4419 (2006-03)
- convert `_libssh2_explicit_zero()` to macro. This allows inlining
where supported (e.g. `SecureZeroMemory()`).
- replace `SecureZeroMemory()` (in `wincng.c`) and
`LIBSSH2_CLEAR_MEMORY`-guarded `memset()` (in `os400qc3.c`) with
`_libssh2_explicit_zero()` macro.
- delete `LIBSSH2_CLEAR_MEMORY` guards, which enables secure-zeroing
universally.
- add `LIBSSH2_NO_CLEAR_MEMORY` option to disable secure-zeroing.
- while here, delete double/triple inclusion of `misc.h`.
`libssh2_priv.h` included it already.
Closes#810
Before this patch, the `snprintf()` fallback logic for envs not
supporting this function (i.e. Visual Studio 2013 and older) varied
depending on build tool, and used different techniques in examples,
tests and libssh2 itself.
This patch aims to apply a common logic to libssh2 and examples/tests.
- libssh2: use local `snprintf()` fallback with all build tools.
We already had a local implementation, but only with CMake. Move that
to the library as `_libssh2_snprintf()`, and map `snprintf()` to it
when `HAVE_SNPRINTF` is not set.
Also change the length type from `int` to `size_t`, and fix
formatting.
- set or detect `HAVE_SNPRINTF` in non-CMake builds.
Detect in autotools. Keep existing logic in `win32/libssh2_config.h`.
Always set for OS/400, NetWare and VMS, keeping existing behaviour.
(OS/400 builds use a different local implementation)
- examples/tests: drop the CMake-specific fallback logic and map
`snprintf()` to `_snprintf()` for old MSVC versions, like we did
before with other build tools. This is unsafe, but should be fine for
these uses.
- `win32/libssh2_config.h`: make it easier to read.
Closes#812
- in `hostkey.c` check the result of `libssh2_sha256_init()` and
`libssh2_sha512_init()` calls. This avoid the warning that we're
ignoring the return values.
- fix code using `int` (or `SOCKET`) for sockets. Use libssh2's
dedicated `libssh2_socket_t` and `LIBSSH2_INVALID_SOCKET` instead.
- fix compiler warnings due to `STATUS_*` macro redefinitions between
`ntstatus.h` / `winnt.h`. Solve it by manually defining the single
`STATUS` value we need from `ntstatus.h` and stop including the whole
header.
Fixes#733
- improve Windows UWP/WinRT builds by detecting it with code copied
from the curl project. Then excluding problematic libssh2 parts
according to PR by Dmitry Kostjučenko.
Fixes#734
- always use `SecureZeroMemory()` on Windows.
We can tweak this if not found or not inlined by a C compiler which
we otherwise support. Same if it causes issues with UWP apps.
Ref: https://learn.microsoft.com/en-us/previous-versions/windows/desktop/legacy/aa366877(v=vs.85)
Ref: https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-rtlsecurezeromemory
- always enable `LIBSSH2_CLEAR_MEMORY` on Windows. CMake and
curl-for-win builds already did that. Delete `SecureZeroMemory()`
detection from autotools' WinCNG backend logic, that this
setting used to depend on.
TODO: Enable it for all platforms in a separate PR.
TODO: For clearing buffers in WinCNG, call `_libssh2_explicit_zero()`,
insead of a local function or explicit `SecureZeroMemory()`.
- Makefile.inc: move `os400qc3.h` to `HEADERS`. This fixes
compilation on non-unixy platforms. Recent regression.
- `libssh2.rc`: replace copyright with plain ASCII, as in curl.
Ref: curl/curl@1ca62bb
Ref: curl/curl#7765
Ref: curl/curl#7776
- CMake fixes and improvements:
- enable warnings with llvm/clang.
- enable more comprehensive warnings with gcc and llvm/clang.
Logic copied from curl:
233810bb5f/CMakeLists.txt (L131-L148)
- fix `Policy CMP0080` CMake warning by deleting that reference.
- add `ENABLE_WERROR` (default: `OFF`) option. Ported from curl.
- add `PICKY_COMPILER` (default: `ON`) option, as known from curl.
It controls both the newly added picky warnings for llvm/clang and
gcc, and also the pre-existing ones for MSVC.
- `win32/GNUmakefile` fixes and improvements:
- delete `_AMD64_` and add missing `-m64` for x64 builds under test.
- add support for `ARCH=custom`.
It disables hardcoded Intel 64-bit and Intel 32-bit options,
allowing ARM64 builds.
- add support for `LIBSSH2_RCFLAG_EXTRAS`.
To pass custom options to windres, e.g. in ARM64 builds.
- add support for `LIBSSH2_RC`. To override `windres`.
- delete support for Metrowerks C. Last released in 2004.
- `win32/libssh2_config.h`: delete unnecessary socket #includes
`src/libssh2_priv.h` includes `winsock2.h` and `ws2tcpip.h` further
down the line, triggered by `HAVE_WINSOCK2_H`.
`mswsock.h` does not seem to be necessary anymore.
Double-including these (before `windows.h`) caused compiler failures
when building against BoringSSL and warnings with LibreSSL. We could
work this around by passing `-DNOCRYPT`. Deleting the duplicates
fixes these issues.
Timeline:
2013: c910cd382d deleted `mswsock.h` from `src/libssh2_priv.h`
2008: 8c43bc52b1 added `winsock2.h` and `ws2tcpip.h` to `src/libssh2_priv.h`
2005: dc4bb1af96 added the now deleted #includes
- delete or replace `LIBSSH2_WIN32` with `WIN32`.
- replace hand-rolled `HAVE_WINDOWS_H` macro with `WIN32`. Also delete
its detections/definitions.
- delete unused `LIBSSH2_DARWIN` macro.
- delete unused `writev()` Windows implementation
There is no reference to `writev()` since 2007-02-02, commit
9d55db6501.
- fix a bunch of MSVC / llvm/clang / gcc compiler warnings:
- `warning C4100: '...': unreferenced formal parameter`
- using value of undefined PP macro `LIBSSH2DEBUG`
- missing void from function definition
- `if()` block missing in non-debug builds
- unreferenced variable in non-debug builds
- `warning: must specify at least one argument for '...' parameter of variadic macro [-Wgnu-zero-variadic-macro-arguments]`
in `_libssh2_debug()`
- `warning C4295: 'ciphertext' : array is too small to include a terminating null character`
- `warning C4706: assignment within conditional expression`
- `warning C4996: 'inet_addr': Use inet_pton() or InetPton() instead or
define _WINSOCK_DEPRECATED_NO_WARNINGS to disable deprecated API warnings`
By suppressning it. Would be best to use inet_pton() as suggested.
On Windows this needs Vista though.
- `warning C4152: nonstandard extension, function/data pointer conversion in expression`
(silenced locally)
- `warning C4068: unknown pragma`
Ref: https://ci.appveyor.com/project/libssh2org/libssh2/builds/46354480/job/j7d0m34qgq8rag5wCloses#808
It uses wolfSSL's OpenSSL compatibility layer, so rather than introduce new
wolfssl.h/c files, the new backend just reuses openssl.h/c. Additionally,
replace EVP_Cipher() calls with EVP_CipherUpdate(), since EVP_Cipher() is not
recommended.
Credit: Hayden Roche
* configure.ac: don't undefine scoped variable
To get this script to run with Autoconf 2.71 on macOS I had to remove the undefine of the backend for loop variable. It seems scoped to the for loop and also isn't referenced later in the script so it seems OK to remove it.
* configure.ac: remove cygwin specific CFLAGS #598
Notes:
Remove cygwin specific Win32 CFLAGS and treat the build like a posix build
Credit:
Will Cosgrove, Brian Inglis
Files:
.travis.yml, configure.ac, ossfuzz
Notes:
This adds support for an OSS-Fuzz fuzzing target in ssh2_client_fuzzer,
which is a cut down example of ssh2.c. Future enhancements can improve
coverage.
Credit:
Max Dymond
Notes:
The buildconf script is currently required, because we need to copy a
header around, because it is used both from the library and the examples
sources.
However, having a custom 'buildconf'-like script is not needed if we can
ensure that the header exists by the time it is needed. For that, we can
just append the src/ directory to the headers search path for the
examples.
And then it means we no longer need to generate the same header twice,
so we remove the second one from configure.ac.
Now, we can just call "autoreconf -fi" to generate the autotools files,
instead of relying on the canned sequence in "buildconf", since
autoreconf has now long known what to do at the correct moment (future
versions of autotools, automake, autopoint, autoheader etc... may
require an other ordering, or other intermediate steps, etc...).
Eventually, get rid of buildconf now it is no longer needed. In fact, we
really keep it for legacy, but have it just call autoreconf (and print a
nice user-friendly warning). Don't include it in the release tarballs,
though.
Update doc, gitignore, and travis-CI jobs accordingly.
Credit:
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Sam Voss <sam.voss@rockwellcollins.com>
OpenSSH Key and ED25519 support #39
Added _libssh2_explicit_zero() to explicitly zero sensitive data in memory #120
* ED25519 Key file support - Requires OpenSSL 1.1.1 or later
* OpenSSH Key format reading support - Supports RSA/DSA/ECDSA/ED25519 types
* New string buffer reading functions - These add build-in bounds checking and convenance methods. Used for OpenSSL PEM file reading.
* Added new tests for OpenSSH formatted Keys
The new --with-crypto option replaces the previous backend-specific
--with-{openssl,libgcrypt,mbedtls,wincng} options and fixes some issues.
* libgcrypt or mbedtls would previously be used whenever found, even
if configure was passed --without-libgcrypt or --without-mbedtls.
* If --with-$backend was specified then configure would not fail even
if that library could not be found, and would instead use whichever
crypto library was found first.
The new option defaults to `auto`, which makes configure check for all
supported crypto libraries in turn, choosing the first one found, or
exiting with an error if none can be found.
