Replace hard-coded crypto backends and rely on `LIBSSH2_GCM` macro
to decide whether to run AES-GCM tests.
Without this, build attempted to run AES-GCM tests (and failed)
for crypto backends that have conditional support for this feature, e.g.
wolfSSL without the necessary features built-in
(as in before Homewbrew wolfssl 5.7.0_1, or OpenSSL v1.1.0 and older).
This patch is part of a series of fixes to make wolfSSL AES-GCM support
work together with libssh2.
Cherry-picked from #1407Closes#1410
Use `AM_CFLAGS` to pass custom, per-target C flags. This replaces using
`CFLAGS` which triggered this warning when running `autoreconf -fi`:
```
tests/Makefile.am:8: warning: 'CFLAGS' is a user variable, you should not override it;
tests/Makefile.am:8: use 'AM_CFLAGS' instead
```
(Only for `tests`, even though `example` and `src` also used this
method. The warning is also missing from curl, that also uses
`CFLAGS`.)
Follow-up to 3ec53f3ea2#1286Closes#1378
Replicating OpenSSH's behavior to handle RSA certificate authentication
differently based on the remote server version.
1. For OpenSSH versions >= 7.8, ascertain server's support for RSA Cert
types by checking if the certificate's signature type is present in
the `server-sig-algs`.
2. For OpenSSH versions < 7.8, Set the "SSH_BUG_SIGTYPE" flag when the
RSA key in question is a certificate to ignore `server-sig-algs` and
only offer ssh-rsa signature algorithm for RSA certs.
This arises from the fact that OpenSSH versions up to 7.7 accept
RSA-SHA2 keys but not RSA-SHA2 certificate types. Although OpenSSH <=7.7
includes RSA-SHA2 keys in the `server-sig-algs`, versions <=7.7 do not
actually support RSA certs. Therefore, server sending RSA-SHA2 keys in
`server-sig-algs` should not be interpreted as indicating support for
RSA-SHA2 certs. So, `server-sig-algs` are ignored when the RSA key in
question is a cert, and the remote server version is 7.7 or below.
Relevant sections of the OpenSSH source code:
<https://github.com/openssh/openssh-portable/blob/V_8_9_P1/sshconnect2.c#L1191-L1197>
<https://github.com/openssh/openssh-portable/blob/master/compat.c#L43>
Assisted-by: Will Cosgrove
Reviewed-by: Viktor Szakats
Also markup a vararg function as such.
In functions marked up as vararg functions, there is no need to suppress
`-Wformat-nonliteral` warnings. It's done automatically by the compiler.
Closes#1342
* Use the imported target of FindOpenSSL module
* Build libssh2 before test runner
* Use find_package() in the CMake config file
* Use find_dependency() rather than find_package()
* Install CMake module files and use them in the config file
* Use elseif() to choose the crypto backend
This fixes flakiness experienced recently with two OpenSSL jobs and one
libgcrypt job, and/or intermittently causing all Docker-based tests to
fail.
Reported-by: András Fekete
Fixes#1328Fixes#1329Closes#1338
- install bash to fix error when running tests:
```
ERROR: test_sshd.test - missing test plan
ERROR: test_sshd.test - exited with status 127 (command not found?)
=====================================
[...]
# TOTAL: 4
# PASS: 2
# SKIP: 0
# XFAIL: 0
# FAIL: 0
# XPASS: 0
# ERROR: 2
[...]
env: bash: No such file or directory
```
Ref: https://github.com/libssh2/libssh2/actions/runs/7133852508/job/19427420687#step:3:3998
- fix sshd issue when running tests:
```
# sshd log:
# Server listening on :: port 4711.
# Server listening on 0.0.0.0 port 4711.
# Authentication refused: bad ownership or modes for file /home/runner/work/libssh2/libssh2/tests/key_rsa.pub
# Authentication refused: bad ownership or modes for file /home/runner/work/libssh2/libssh2/tests/openssh_server/authorized_keys
```
Ref: https://github.com/libssh2/libssh2/actions/runs/7134629175/job/19429828342#step:3:4059
Cherry-picked from #1277Closes#1277
Cast large integer types to avoid dealing with printf masks for
`size_t` and other C99 types. Some of existing code used `int`
for this, bump them to `long`.
Ref: afa6b86560#1257Closes#1264
Ref:
https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
(2023-11-29)
Enable new warnings:
- replace `-Wno-sign-conversion` with `-Wsign-conversion`.
Fix them in example, tests and wincng. There remain about 360 of these
warnings in `src`. Add a TODO item for those and disable `-Werror` for
this particular warning.
- enable `-Wformat=2` for clang (in both cmake and autotools).
- enable `__attribute__((format))` for `_libssh2_debug()`,
`_libssh2_snprintf()` and in tests for `run_command()`.
`LIBSSH2_PRINTF()` copied from `CURL_TEMP_PRINTF()` in curl.
- enable `-Wimplicit-fallthrough`.
- enable `-Wtrampolines`.
Fix them:
- src: replace obsolete fall-through-comments with
`__attribute__((fallthrough))`.
- wincng: fix `-Wsign-conversion` warnings.
- tests: fix `-Wsign-conversion` warnings.
- example: fix `-Wsign-conversion` warnings.
- src: fix `-Wformat` issues in trace calls.
Also, where necessary fix `int` and `unsigned char` casts to
`unsigned int` and adjust printf format strings. These were not
causing compiler warnings.
Cast large types to `long` to avoid dealing with printf masks for
`size_t` and other C99 types. Existing code often used `int` for this.
I'll update them to `long` in an upcoming commit.
- tests: fix `-Wformat` warning.
- silence `-Wformat-nonliteral` warnings.
- mbedtls: silence `-Wsign-conversion`/`-Warith-conversion`
in external header.
Closes#1257
Then sync this warning option with curl.
Seems like a false positive and/or couldn't figure how to fix it, so silence:
```
example/ssh2.c:227:38: error: '%s' directive output may be truncated writing likely 1 or more bytes into a region of size 0 [-Werror=format-truncation=]
227 | snprintf(fn1, fn1sz, "%s/%s", h, pubkey);
| ^~
example/ssh2.c:227:34: note: assuming directive output of 1 byte
227 | snprintf(fn1, fn1sz, "%s/%s", h, pubkey);
| ^~~~~~~
example/ssh2.c:227:13: note: 'snprintf' output 3 or more bytes (assuming 4) into a destination of size 2
227 | snprintf(fn1, fn1sz, "%s/%s", h, pubkey);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
example/ssh2.c:228:38: error: '%s' directive output may be truncated writing likely 1 or more bytes into a region of size 0 [-Werror=format-truncation=]
228 | snprintf(fn2, fn2sz, "%s/%s", h, privkey);
| ^~
example/ssh2.c:228:34: note: assuming directive output of 1 byte
228 | snprintf(fn2, fn2sz, "%s/%s", h, privkey);
| ^~~~~~~
example/ssh2.c:228:13: note: 'snprintf' output 3 or more bytes (assuming 4) into a destination of size 2
228 | snprintf(fn2, fn2sz, "%s/%s", h, privkey);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
Ref: https://github.com/libssh2/libssh2/actions/runs/7055480458/job/19205970397#step:10:98
Fix:
```
tests/openssh_fixture.c:116:38: error: ' 2>&1' directive output may be truncated writing 5 bytes into a region of size between 1 and 1024 [-Werror=format-truncation=]
tests/openssh_fixture.c:116:11: note: 'snprintf' output between 6 and 1029 bytes into a destination of size 1024
```
Ref: https://github.com/libssh2/libssh2/actions/runs/7055480458/job/19205969221#step:10:51
Tested via #1257
If the `$USER` variable is empty, fall back to using `$LOGNAME` to
retrieve the logged-in username.
In POSIX, `$LOGNAME` is a mandatory variable, while `$USER` isn't, and
on some systems it may not be set. Without this value, tests were unable
to provide the correct username when logging into the SSH server running
under the active user's session.
Reported-by: Nicolas Mora
Suggested-by: Nicolas Mora
Ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056348Fixes#1240Closes#1241
Also extend our integration test double inclusion. It will still not
catch this case, because that requires
`cmake_minimum_required(VERSION 3.18)` or higher.
Fixes:
```
CMake Error at .../lib/cmake/libssh2/libssh2-config.cmake:8 (add_library):
add_library cannot create ALIAS target "libssh2::libssh2" because another
target with the same name already exists.
Call Stack (most recent call first):
CMakeLists.txt:24 (find_package)
CMake Error at .../lib/cmake/libssh2/libssh2-config.cmake:13 (add_library):
add_library cannot create ALIAS target "Libssh2::libssh2" because another
target with the same name already exists.
Call Stack (most recent call first):
CMakeLists.txt:24 (find_package)
```
Test to reproduce:
```cmake
cmake_minimum_required(VERSION 3.18) # must be 3.18 or higher
project(test)
find_package(libssh2 CONFIG)
find_package(libssh2 CONFIG) # fails
add_executable(test main.c)
target_link_libraries(test libssh2::libssh2)
```
Ref: https://cmake.org/cmake/help/latest/release/3.18.html#other-changes
Ref: https://cmake.org/cmake/help/v3.18/policy/CMP0107.html
Assisted-by: Kai Pastor
Assisted-by: Harry Mallon
Ref: https://github.com/curl/curl/pull/11913Closes#1216
```
PendingDeprecationWarning:
Copyright and licensing information for 'tests/openssh_server/Dockerfile'
has been found in both 'tests/openssh_server/Dockerfile' and in the DEP5
file located at '.reuse/dep5'. The information for these two sources has
been aggregated. In the future this behaviour will change, and you will
need to explicitly enable aggregation. [...]
```
Ref: https://github.com/libssh2/libssh2/actions/runs/6789274955/job/18456085964#step:4:4
- os400: delete unused `HAVE_STDINT_H`.
- fuzz: delete redundant `stdint.h` use.
`inttypes.h` is already included via `testinput.h`.
- docs/TODO: adjust type in planned function.
Closes#1212
Instead of `WIN32`.
The compiler defines `_WIN32`. Windows SDK headers or build env defines
`WIN32`, or we have to take care of it. The agreement seems to be that
`_WIN32` is the preferred practice here.
Minor downside is that CMake uses `WIN32` and we also adopted it in
`Makefile.mk`.
In public libssh2 headers we stick with accepting either `_WIN32` or
`WIN32` and define our own namespaced `LIBSSH2_WIN32` based on them.
grepping for `WIN32` remains useful to detect Windows-specific code.
Closes#1195
Before this patch, this happened at runtime when using an old (pre-3.0),
FIPS-enabled OpenSSL backend.
This patch makes it possible to disable this via the build-time option
`LIBSSH2_NO_MD5_PEM`.
Also:
- make sure to exclude all MD5 internal APIs when both the above and
`LIBSSH2_NO_MD5` are enabled.
- fix tests to support build with`LIBSSH2_NO_MD5`, `LIBSSH2_NO_MD5_PEM`
and `LIBSSH2_NO_3DES`.
- add FIXME to apply this change to `os400qc3.*`.
Old-style encrypted private keys require MD5 and they look like this:
```
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,<MD5-hex>
<base64>
-----END RSA PRIVATE KEY-----
```
E.g.: `tests/key_rsa_encrypted`
Ref: https://github.com/libssh2/www/issues/20Closes#1181
Use `IN LISTS` and `IN ITEMS`. This appears to be the preferred way
within CMake's own source code and possibly improves readability.
Fixup a side-effect of `IN LISTS`, where it retains empty values at
the end of the list, as opposed to the syntax used before, which
dropped it. In our case this happened with lines read from a text
file via `file(READ)`.
https://cmake.org/cmake/help/v3.7/command/foreach.htmlCloses#1180
- Dockerfile: use standard sep with `sed`
- Dockerfile: use single quotes in shell command
- appveyor.yml: use long-form option with `choco`
- tests/cmake: add language to test project
- reuse.yml: fix indentation
```
$ yamllint reuse.yml
reuse.yml
[...]
11:5 error wrong indentation: expected 6 but found 4 (indentation)
15:5 error wrong indentation: expected 6 but found 4 (indentation)
[...]
27:5 error wrong indentation: expected 6 but found 4 (indentation)
```
Cherry-picked from #1175
- quote text literals to improve readability.
(exceptions: `FILES` items, `add_subdirectory` names, `find_package`
names, literal target names, version numbers, 0/1, built-in CMake
values and CMake keywords, list items in `cmake/max_warnings.cmake`)
- quote standalone variables that could break syntax on empty values.
- replace `libssh2_SOURCE_DIR` with `PROJECT_SOURCE_DIR`.
- add missing mode to `message()` call.
- `TRUE`/`FALSE` → `ON`/`OFF`.
- add missing default value `OFF` to `option()` for clarity.
- unfold some lines.
- `INSTALL_CMAKE.md` fixes and updates. Show defaults.
Closes#1166
This caused a CMake error instead of our custom error when manually
selecting the `WinCNG` crypto-backend for a non-Windows target.
Also cleanup `STREQUAL` checks to use variable name without `${}` on
the left side and quoted string literals on the right.
Closes#1151
`key_dsa_wrong` is the same kind of (valid) key as `key_dsa`, both with
an empty passphrase. Named "wrong" because it's intentionally not added
to our `openssh_server/authorized_keys` file.
Apply an existing fix to `test_read`, so that it falls back to use
the current username instead of the hardcoded `libssh2` when run
outside Docker.
This allows to run algo tests with this command:
```shell
cd tests
./test_sshd.test ./test_read_algos.test
```
Closes#1139
- dedupe `Requires.private` in `libssh2.pc`.
`zlib` could appear on the list twice:
```
Requires.private: libssl,libcrypto,zlib,zlib
```
According to CMake docs `list(REMOVE_DUPLICATES ...)`, is supported by
our minimum required CMake version (and by earlier ones even):
https://cmake.org/cmake/help/v3.1/command/list.html#remove-duplicates
- move `cmake_minimum_required()` to the top.
- move `set(CMAKE_MODULE_PATH)` to the top.
- delete duplicate `set(CMAKE_MODULE_PATH)`.
- replace `CMAKE_CURRENT_SOURCE_DIR` with `PROJECT_SOURCE_DIR` in root
`CMakeLists.txt` for robustness.
- replace `gcovr` option with long-form for readability/consistency.
- rename `GCOV_OPTIONS` to `GCOV_CFLAGS`. These are C options we enable
when using gcov, not gcov tooling options.
Closes#1122
- All files have prominent copyright and SPDX identifier
- If not embedded in the file, in the .reuse/dep5 file
- All used licenses are in LICENSES/ (not shipped in tarballs)
- A new REUSE CI job verify that all files are OK
Assisted-by: Viktor Szakats
Closes#1084
