- cmake: always link `ws2_32` on Windows. Also add it to `libssh2.pc`.
Fixes#745
- agent: fix gcc compiler warning:
`src/agent.c:296:35: warning: 'snprintf' output truncated before the last format character [-Wformat-truncation=]`
- autotools: fix `EVP_aes_128_ctr` detection with binutils `ld`
The prerequisite for a successful detection is setting
`LIBS=-lbcrypt` if the chosen openssl-compatible library requires
it, e.g. libressl, or quictls/openssl built with
`-DUSE_BCRYPTGENRANDOM`.
With llvm `lld`, detection works out of the box. With binutils `ld`,
it does not. The reason is `ld`s world-famous pickiness with lib
order.
To fix it, we pass all custom libs before and after the TLS libs.
This ugly hack makes `ld` happy and detection succeed.
- agent: fix Windows-specific warning:
`src/agent.c:318:10: warning: implicit conversion loses integer precision: 'LRESULT' (aka 'long long') to 'int' [-Wshorten-64-to-32]`
- src: fix llvm/clang compiler warning:
`src/libssh2_priv.h:987:28: warning: variadic macros are a C99 feature [-Wvariadic-macros]`
- src: support `inline` with `__GNUC__` (llvm/clang and gcc), fixing:
```
src/libssh2_priv.h:990:8: warning: extension used [-Wlanguage-extension-token]
static inline void
^
```
- blowfish: support `inline` keyword with MSVC.
Also switch to `__inline__` (from `__inline`) for `__GNUC__`:
https://gcc.gnu.org/onlinedocs/gcc/Inline.htmlhttps://clang.llvm.org/docs/UsersManual.html#differences-between-various-standard-modes
- example/test: fix MSVC compiler warnings:
- `example\direct_tcpip.c(209): warning C4244: 'function': conversion from 'unsigned int' to 'u_short', possible loss of data`
- `tests\session_fixture.c(96): warning C4013: 'getcwd' undefined; assuming extern returning int`
- `tests\session_fixture.c(100): warning C4013: 'chdir' undefined; assuming extern returning int`
- delete unused macros:
- `HAVE_SOCKET`
- `HAVE_INET_ADDR`
- `NEED_LIB_NSL`
- `NEED_LIB_SOCKET`
- `HAVE_NTSTATUS_H`
- `HAVE_NTDEF_H`
- build: delete stale zlib/openssl version numbers from path defaults.
- cmake: convert tabs to spaces, add newline at EOFs.
Closes#811
- convert `_libssh2_explicit_zero()` to macro. This allows inlining
where supported (e.g. `SecureZeroMemory()`).
- replace `SecureZeroMemory()` (in `wincng.c`) and
`LIBSSH2_CLEAR_MEMORY`-guarded `memset()` (in `os400qc3.c`) with
`_libssh2_explicit_zero()` macro.
- delete `LIBSSH2_CLEAR_MEMORY` guards, which enables secure-zeroing
universally.
- add `LIBSSH2_NO_CLEAR_MEMORY` option to disable secure-zeroing.
- while here, delete double/triple inclusion of `misc.h`.
`libssh2_priv.h` included it already.
Closes#810
- in `hostkey.c` check the result of `libssh2_sha256_init()` and
`libssh2_sha512_init()` calls. This avoid the warning that we're
ignoring the return values.
- fix code using `int` (or `SOCKET`) for sockets. Use libssh2's
dedicated `libssh2_socket_t` and `LIBSSH2_INVALID_SOCKET` instead.
- fix compiler warnings due to `STATUS_*` macro redefinitions between
`ntstatus.h` / `winnt.h`. Solve it by manually defining the single
`STATUS` value we need from `ntstatus.h` and stop including the whole
header.
Fixes#733
- improve Windows UWP/WinRT builds by detecting it with code copied
from the curl project. Then excluding problematic libssh2 parts
according to PR by Dmitry Kostjučenko.
Fixes#734
- always use `SecureZeroMemory()` on Windows.
We can tweak this if not found or not inlined by a C compiler which
we otherwise support. Same if it causes issues with UWP apps.
Ref: https://learn.microsoft.com/en-us/previous-versions/windows/desktop/legacy/aa366877(v=vs.85)
Ref: https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-rtlsecurezeromemory
- always enable `LIBSSH2_CLEAR_MEMORY` on Windows. CMake and
curl-for-win builds already did that. Delete `SecureZeroMemory()`
detection from autotools' WinCNG backend logic, that this
setting used to depend on.
TODO: Enable it for all platforms in a separate PR.
TODO: For clearing buffers in WinCNG, call `_libssh2_explicit_zero()`,
insead of a local function or explicit `SecureZeroMemory()`.
- Makefile.inc: move `os400qc3.h` to `HEADERS`. This fixes
compilation on non-unixy platforms. Recent regression.
- `libssh2.rc`: replace copyright with plain ASCII, as in curl.
Ref: curl/curl@1ca62bb
Ref: curl/curl#7765
Ref: curl/curl#7776
- CMake fixes and improvements:
- enable warnings with llvm/clang.
- enable more comprehensive warnings with gcc and llvm/clang.
Logic copied from curl:
233810bb5f/CMakeLists.txt (L131-L148)
- fix `Policy CMP0080` CMake warning by deleting that reference.
- add `ENABLE_WERROR` (default: `OFF`) option. Ported from curl.
- add `PICKY_COMPILER` (default: `ON`) option, as known from curl.
It controls both the newly added picky warnings for llvm/clang and
gcc, and also the pre-existing ones for MSVC.
- `win32/GNUmakefile` fixes and improvements:
- delete `_AMD64_` and add missing `-m64` for x64 builds under test.
- add support for `ARCH=custom`.
It disables hardcoded Intel 64-bit and Intel 32-bit options,
allowing ARM64 builds.
- add support for `LIBSSH2_RCFLAG_EXTRAS`.
To pass custom options to windres, e.g. in ARM64 builds.
- add support for `LIBSSH2_RC`. To override `windres`.
- delete support for Metrowerks C. Last released in 2004.
- `win32/libssh2_config.h`: delete unnecessary socket #includes
`src/libssh2_priv.h` includes `winsock2.h` and `ws2tcpip.h` further
down the line, triggered by `HAVE_WINSOCK2_H`.
`mswsock.h` does not seem to be necessary anymore.
Double-including these (before `windows.h`) caused compiler failures
when building against BoringSSL and warnings with LibreSSL. We could
work this around by passing `-DNOCRYPT`. Deleting the duplicates
fixes these issues.
Timeline:
2013: c910cd382d deleted `mswsock.h` from `src/libssh2_priv.h`
2008: 8c43bc52b1 added `winsock2.h` and `ws2tcpip.h` to `src/libssh2_priv.h`
2005: dc4bb1af96 added the now deleted #includes
- delete or replace `LIBSSH2_WIN32` with `WIN32`.
- replace hand-rolled `HAVE_WINDOWS_H` macro with `WIN32`. Also delete
its detections/definitions.
- delete unused `LIBSSH2_DARWIN` macro.
- delete unused `writev()` Windows implementation
There is no reference to `writev()` since 2007-02-02, commit
9d55db6501.
- fix a bunch of MSVC / llvm/clang / gcc compiler warnings:
- `warning C4100: '...': unreferenced formal parameter`
- using value of undefined PP macro `LIBSSH2DEBUG`
- missing void from function definition
- `if()` block missing in non-debug builds
- unreferenced variable in non-debug builds
- `warning: must specify at least one argument for '...' parameter of variadic macro [-Wgnu-zero-variadic-macro-arguments]`
in `_libssh2_debug()`
- `warning C4295: 'ciphertext' : array is too small to include a terminating null character`
- `warning C4706: assignment within conditional expression`
- `warning C4996: 'inet_addr': Use inet_pton() or InetPton() instead or
define _WINSOCK_DEPRECATED_NO_WARNINGS to disable deprecated API warnings`
By suppressning it. Would be best to use inet_pton() as suggested.
On Windows this needs Vista though.
- `warning C4152: nonstandard extension, function/data pointer conversion in expression`
(silenced locally)
- `warning C4068: unknown pragma`
Ref: https://ci.appveyor.com/project/libssh2org/libssh2/builds/46354480/job/j7d0m34qgq8rag5wCloses#808
It uses wolfSSL's OpenSSL compatibility layer, so rather than introduce new
wolfssl.h/c files, the new backend just reuses openssl.h/c. Additionally,
replace EVP_Cipher() calls with EVP_CipherUpdate(), since EVP_Cipher() is not
recommended.
Credit: Hayden Roche
Examples can't be linked with libmbedtls but need libmbedcrypto, and
any users of libssh2 which use libtool and libssh2.la would encounter
the same problem.
This changes the mbedtls detection to search for libmbedcrypto, which
is the actual dependency for the backend.
The new --with-crypto option replaces the previous backend-specific
--with-{openssl,libgcrypt,mbedtls,wincng} options and fixes some issues.
* libgcrypt or mbedtls would previously be used whenever found, even
if configure was passed --without-libgcrypt or --without-mbedtls.
* If --with-$backend was specified then configure would not fail even
if that library could not be found, and would instead use whichever
crypto library was found first.
The new option defaults to `auto`, which makes configure check for all
supported crypto libraries in turn, choosing the first one found, or
exiting with an error if none can be found.
The change fixes passing of bogus gcrypt prefix.
Reproducible as:
$ ./configure --with-libgcrypt
$ make V=1
...
/bin/sh ../libtool --tag=CC --mode=link gcc -g -O2 -Iyes/include -version-info 1:1:0 -no-undefined -export-symbols-regex '^libssh2_.*' -lgcrypt -lz -Lyes/lib -o libssh2.la -rpath /usr/local/lib channel.lo comp.lo crypt.lo hostkey.lo kex.lo mac.lo misc.lo packet.lo publickey.lo scp.lo session.lo sftp.lo userauth.lo transport.lo version.lo knownhost.lo agent.lo libgcrypt.lo pem.lo keepalive.lo global.lo -lgcrypt
../libtool: line 7475: cd: yes/lib: No such file or directory
libtool: error: cannot determine absolute directory name of 'yes/lib'
These
-Iyes/include
-Lyes/lib
come from libgcrypt code autodetection:
if test -n "$use_libgcrypt" && test "$use_libgcrypt" != "no"; then
LDFLAGS="$LDFLAGS -L$use_libgcrypt/lib"
CFLAGS="$CFLAGS -I$use_libgcrypt/include"
I assume it's a typo to use yes/no flag as a prefix and changed
it to '$with_libgcrypt_prefix'.
Reported-by: Mikhail Pukhlikov <cynede@gentoo.org>
Signed-off-by: Sergei Trofimovich <siarheit@google.com>
... previously it would default to OpenSSL even with the --with-[crypto]
options used unless you specificly disabled OpenSSL. Now, enabling another
backend will automatically disable OpenSSL if the other one is found.
is then properly thread-safe on that OS. These autuconf macros are straight
from the cURL project and were mostly written by Yang Tse. They were only
very slightly edited by me when imported to here.
debug build (using -g and disabling all -O options), but also sets a whole
range of picky/strict compiler options depending on what compiler and version
that is used. This function is ripped right off the curl configure script,
written by yours truly. I left it using the same name as in the curl script
to 1) make it obvious where it comes from, so that 2) it will be easier to
update and keep it in sync with future modifications.
Now, this shows MAAAAAAAAANY warnings...
