mirror of https://github.com/libssh2/libssh2.git synced 2025-07-01 11:01:40 +03:00
Commit Graph

313 Commits

Author SHA1 Message Date
a751d578be tidy-up: replace exit() with return
In examples and the manual page for `libssh2_version()`.

Closes #1541
2025-02-13 13:51:49 +01:00
cf3aac1aba libssh2_base64_decode: add deprecation warning
Cherry-picked from #1484
2025-01-31 02:04:59 +01:00
7027604505 libssh2_scp_send, libssh2_scp_send_ex: add deprecation warning
Also:
- switch to non-deprecated alternative in examples.
- add pointers and deprecation warning to libssh2_scp_send man page.

Cherry-picked from #1484
2025-01-31 02:04:59 +01:00
90a686ef3a gitignore: compress rules
Cherry-picked from #1484
2025-01-31 02:00:28 +01:00
7495084b1c libssh2_trace.3: Update prototype
Return value is int, not void.

Reported-by: pyscripter on github
Bug: https://github.com/libssh2/libssh2/issues/1517#issuecomment-2608628918
Closes #1518
2025-01-29 02:55:02 +01:00
114923f1ac tidy-up: unsigned const char -> const unsigned char
For consistency with rest of the code.

Closes #1487
2024-11-02 00:37:59 +01:00
b7ab0faa70 disable DSA by default
Also:
- add `LIBSSH2_DSA_ENABLE` to enable it explicitly.
- test the above option in CI.
- say 'deprecated' in docs and public header.
- disable DSA in the CI server config.
  (OpenSSH 9.8 no longer builds with it by default)
  https://www.openssh.com/txt/release-9.8
  Patch-by: Jose Quaresma
- disable more DSA code when not enabled.

Fixes #1433
Closes #1435
2024-07-30 22:59:02 +02:00
c905bfd27c tidy-up: link updates (#1434) 2024-07-30 19:35:38 +02:00
fb6527468c sftp: implement posix-rename@openssh.com
Add a new function `libssh2_sftp_posix_rename_ex()` and
`libssh2_sftp_posix_rename()`, which implement
the posix-rename@openssh.com extension.

If the server does not support this extension, the function returns
`LIBSSH2_FX_OP_UNSUPPORTED` and it's up to the user to recover, possibly
by calling `libssh2_sftp_rename()`.

Co-authored-by: Viktor Szakats (bump to size_t)
Closes #1386
2024-06-26 19:31:34 +02:00
581b72aab7 docs: improve libssh2_userauth_publickey_from* manpages
Reported-by: Lyndon Brown
Assisted-by: Ryan Kelley
Fixes #652
Closes #1308
Closes #xxxx
2024-04-03 11:16:08 +00:00
2f0efde37a docs: update INSTALL_AUTOTOOLS (#1316)
corrected --with-libmbedtls-prefix to current option --with-libmbedcrypto-prefix
2024-03-28 23:27:52 +01:00
4718ede4e0 src: check hash update/final success
Also:
- delete unused internal macro `libssh2_md5()` where defined.
- prefix `libssh2_os400qc3_hash*()` function names with underscore.
  These are public/visible, but internal.
- add FIXMEs to OS/400 code to verify update/final calls; some OS API,
  some internal.

Ref: https://github.com/libssh2/libssh2/pull/1301#discussion_r1446861650
Reviewed-by: Michael Buckley
Reviewed-by: Patrick Monnerat
Closes #1303
2024-01-18 23:54:29 +00:00
ba27bbe7c9 HACKING-CRYPTO: more fixups [ci skip]
Follow-up to f64885b6ab #1297
2024-01-12 01:11:58 +00:00
cf5364f303 HACKING-CRYPTO: fixups [ci skip]
Follow-up to f64885b6ab #1297
2024-01-12 01:00:53 +00:00
f64885b6ab mac: handle low-level errors
- update low-level hmac functions from macros to functions.
- libgcrypt: propagate low-level hmac errors.
- libgcrypt: add error checks for hmac calls.
- os400qc3: add error checks, propagate them.
  Assisted-by: Patrick Monnerat
- mbedtls: fix propagating low-level hmac errors.
- wincng: fix propagating low-level hmac errors.
- mac: verify success of low-level hmac functions.
- knownhost: verify success of low-level hmac functions.
- transport: verify success of MAC hash call.
- minor type cleanup in wincng.
- delete unused ripemd wrapper in wincng.
- delete unused SHA384 wrapper in mbedtls.

Reported-by: Paul Howarth
Reviewed-by: Michael Buckley
Closes #1297
2024-01-10 16:32:22 +00:00
c0f69548be session: add libssh2_session_callback_set2()
Add new `libssh2_session_callback_set2()` API that deprecates
`libssh2_session_callback_set()`.

The new implementation offers the same functionality, but accepts and
returns a generic function pointer (of type `libssh2_cb_generic *`), as
opposed to the old function that used data pointers (`void *`). The new
solution thus avoids data to function (and vice versa) pointer
conversions, which have undefined behaviour in standard C.

About the name: It seems the `*2` suffix was used in the past for
replacement functions for deprecated ones. Let's stick with that.
`*_ex` was preferred for new functions that extend existing ones with
new features.

Closes #1285
2023-12-18 15:02:17 +00:00
9839ebe5e9 libssh2.h: add deprecated function warnings
With deprecated-at versions and suggested replacement function.

It's possible to silence them by defining `LIBSSH2_DISABLE_DEPRECATION`.

Also add deprecated-at versions to documentation, and unify wording.

Ref: https://github.com/libssh2/libssh2/pull/1260#issuecomment-1837017987
Closes #1289
2023-12-16 17:43:02 +00:00
afa6b86560 build: enable missing OpenSSF-recommended warnings, with fixes
Ref:
https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
(2023-11-29)

Enable new warnings:

- replace `-Wno-sign-conversion` with `-Wsign-conversion`.

  Fix them in example, tests and wincng. There remain about 360 of these
  warnings in `src`. Add a TODO item for those and disable `-Werror` for
  this particular warning.

- enable `-Wformat=2` for clang (in both cmake and autotools).

- enable `__attribute__((format))` for `_libssh2_debug()`,
  `_libssh2_snprintf()` and in tests for `run_command()`.

  `LIBSSH2_PRINTF()` copied from `CURL_TEMP_PRINTF()` in curl.

- enable `-Wimplicit-fallthrough`.

- enable `-Wtrampolines`.

Fix them:

- src: replace obsolete fall-through-comments with
  `__attribute__((fallthrough))`.

- wincng: fix `-Wsign-conversion` warnings.

- tests: fix `-Wsign-conversion` warnings.

- example: fix `-Wsign-conversion` warnings.

- src: fix `-Wformat` issues in trace calls.

  Also, where necessary fix `int` and `unsigned char` casts to
  `unsigned int` and adjust printf format strings. These were not
  causing compiler warnings.

  Cast large types to `long` to avoid dealing with printf masks for
  `size_t` and other C99 types. Existing code often used `int` for this.
  I'll update them to `long` in an upcoming commit.

- tests: fix `-Wformat` warning.

- silence `-Wformat-nonliteral` warnings.

- mbedtls: silence `-Wsign-conversion`/`-Warith-conversion`
  in external header.

Closes #1257
2023-12-03 01:32:20 +00:00
b136c37998 tidy-up: unsigned -> unsigned int
In the `interval` argument of public `libssh2_keepalive_config()`.

Tested via #1257
2023-12-02 09:53:56 +00:00
0b4bdc856f TODO: disable or drop weak algos [ci skip]
Closes #1261
2023-12-02 08:29:49 +00:00
4348557960 Makefile.mk: delete Windows-focused raw GNU Make build
We recommend using CMake instead. Especially in unity mode, it's faster
and probably more familiar for most. It's also easily portable.

(`Makefile.mk` was also portable, but in practice only usable for
Windows. Other platforms required a manual config header.)

Also:
- migrate `LIBSSH2_NO_*` option CI tests to CMake.
- make MSYS2 CMake builds verbose to show compilation options.

Closes #1204
2023-11-06 21:41:12 +00:00
bfa00f1bd5 tidy-up: around stdint.h
- os400: delete unused `HAVE_STDINT_H`.

- fuzz: delete redundant `stdint.h` use.
  `inttypes.h` is already included via `testinput.h`.

- docs/TODO: adjust type in planned function.

Closes #1212
2023-11-06 15:00:08 +00:00
a3ffc4221d man: fix double spaces and dash escaping
- `-  ` -> `- `
- `.  ` -> `. `
- `\- ` -> `- `
- `-1` -> `\-1`
- fold long lines along the way

This makes the minus sign come out as a Unicode minus sign
(0x2212), and title separator dashes as Unicode hyphen (0x2010),
with `groff -Tutf8` v1.23.0.

Ref: https://lwn.net/Articles/947941/

Closes #1210
2023-11-03 19:57:56 +00:00
67e39091b2 libssh2_session_get_blocking.3: Add description (#1185) 2023-09-24 01:00:14 +02:00
6e3e883994 drop www. from www.libssh2.org
<https://www.libssh2.org/*> is now a 301 permanent redirect to
<https://libssh2.org/*>.

Update all references to point directly to the new destination.

Ref: ccf4a7de7f

Closes #1172
2023-08-18 11:20:58 +00:00
6eda1ee433 cmake: reflect minimum version in docs [ci skip]
Follow-up to 9cd18f4578
2023-08-15 21:58:56 +00:00
3fa5282d62 cmake: style tidy up
- quote text literals to improve readability.
  (exceptions: `FILES` items, `add_subdirectory` names, `find_package`
  names, literal target names, version numbers, 0/1, built-in CMake
  values and CMake keywords, list items in `cmake/max_warnings.cmake`)
- quote standalone variables that could break syntax on empty values.
- replace `libssh2_SOURCE_DIR` with `PROJECT_SOURCE_DIR`.
- add missing mode to `message()` call.
- `TRUE`/`FALSE` → `ON`/`OFF`.
- add missing default value `OFF` to `option()` for clarity.
- unfold some lines.
- `INSTALL_CMAKE.md` fixes and updates. Show defaults.

Closes #1166
2023-08-15 15:08:30 +00:00
f58f77b5c8 cmake: streamline invocation
Stop specifying the current directory.
Simplify build instructions.

Closes #1138
2023-07-27 10:49:00 +00:00
2da13c13e1 cmake: re-add Libssh2:libssh2 for compatibility + lowercase namespace
- add `libssh2:libssh2` target that selects the shared lib if built,
  otherwise the static one.

- re-add `Libssh2:libssh2` target for compatibility with v1.10.0 and
  earlier. This is an alias for `libssh2:libssh2`.

- keep `libssh2:libssh2_shared` and `libssh2_libssh2_static` targets.

- allow using `find_package(libssh2)` in dependents as an alternative
  to `find_package(Libssh2)`.

Co-authored-by: Radek Brich
Suggested-by: Haowei Hsu

Fixes #1103
Fixes #731
Closes #1104
2023-06-25 19:14:18 +00:00
766bde9fb9 docs: replace SHA1 with SHA256 in CMake example 2023-06-23 16:31:16 +00:00
fe6239a11f reuse: comply with 3.1 spec and 2.0.0 checker
The checker tool was upgraded upstream to 2.0.0 and the REUSE
Specification to version 3.1 (from 3.0), causing these new errors:
```
reuse.project - WARNING - Copyright and licensing information for 'docs/INSTALL_AUTOTOOLS' have been found in 'docs/INSTALL_AUTOTOOLS' and the DEP5 file located at '.reuse/dep5'. The information in the DEP5 file has been overridden. Please ensure that this is correct.
reuse.project - WARNING - Copyright and licensing information for 'tests/openssh_server/Dockerfile' have been found in 'tests/openssh_server/Dockerfile' and the DEP5 file located at '.reuse/dep5'. The information in the DEP5 file has been overridden. Please ensure that this is correct.

The following files have no licensing information:
* docs/INSTALL_AUTOTOOLS
* tests/openssh_server/Dockerfile
```
Via: https://github.com/libssh2/libssh2/actions/runs/5333572682/jobs/9664211341?pr=1098#step:4:4

Ref: https://github.com/fsfe/reuse-tool/releases/tag/v2.0.0
Ref: https://git.fsfe.org/reuse/docs/src/branch/stable/CHANGELOG.md#3-1-2023-06-21

Original discovery: https://github.com/libssh2/libssh2/pull/1098#issuecomment-1600719575

Fixes #1101
Closes #1102
2023-06-21 17:43:42 +00:00
f6aa31f48f provide SPDX identifiers
- All files have prominent copyright and SPDX identifier
- If not embedded in the file, in the .reuse/dep5 file
- All used licenses are in LICENSES/ (not shipped in tarballs)
- A new REUSE CI job verifies that all files are OK

Assisted-by: Viktor Szakats

Closes #1084
2023-06-07 08:18:55 +02:00
187d89bb07 copyright: remove years from copyright headers
Also:
- uppercase `(C)`.
- add missing 'All rights reserved.' lines.
- drop duplicate 'Author' lines.
- add copyright headers where missing.
- enable copyright header check in checksrc.

Reasons for deleting years (copied as-is from curl):
- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- saves us from pointless churn
- git keeps history for us
- the year range is kept in COPYING

Closes #1082
2023-06-04 19:19:16 +00:00
003fb454c3 tidy-up: avoid exclamations, prefer single quotes, in outputs
Closes #1079
2023-06-03 12:51:56 +00:00
e7a542da6a add copyright/credits
Closes #1050
2023-05-29 17:07:11 +00:00
dee8ec9270 docs: delete two stray characters
Cherry-picked from #1017
2023-05-03 01:35:16 +00:00
5ee6d0ffbc tidy-up: avoid expression 'of course'
Cherry-picked from #1017
2023-05-03 01:35:10 +00:00
31851511bf tidy-up: avoid word 'just'
Cherry-picked from #1017
2023-05-03 01:35:05 +00:00
081c04571b tidy-up: avoid word 'simply'
Cherry-picked from #1017
2023-05-03 01:34:58 +00:00
d67aaaffc4 tidy-up: text nits, English contractions [ci skip]
In input/output text and docs mostly.
2023-04-27 14:19:03 +00:00
592e2b37fa docs: simplify .TH header & other cleanups [ci skip]
- simplify `.TH` headers.
- delete empty lines before sections.
- update template with an `AVAILABILITY` section.

Left libssh2 version number in the `.TH` header for entries without an
`AVAILABILITY` section, or where there was a different version number
there.
2023-04-26 17:55:51 +00:00
d7bec41df3 tidy-up: formatting nits [ci skip] 2023-04-26 17:55:51 +00:00
bc4e619e76 Agent forwarding implementation (#752)
This PR contains a series of patches that date back many years and I
believe were discussed on the mailing list, but never merged. We have
been using these in our local copy of libssh2 without issue since 2015,
if not earlier. I believe this is the full set of changes, as we tried
to use comments to mark where our copy of libssh2 differs from the
canonical version.

This also contains changes I made earlier this year, but which were not
discussed on the mailing list, to support certificates and FIDO2 keys
with agent forwarding.

Note that this is not a complete implementation of agent forwarding, as
that is outside the scope of libssh2. Clients still need to provide
their own implementation that parses ssh-agent methods after calling
libssh2_channel_read() and calls the appropriate callback messages in
libssh2. See the man page changes in this PR for more details.

Integration-patches-by: Viktor Szakats

* prefer size_t
* prefer unsigned int over u_int in public function
* add const
* docs, indent, checksrc, debug call, compiler warning fixes
2023-04-22 10:54:20 +02:00
6812985e60 docs: fix typo in argument name [ci skip] 2023-04-20 23:04:26 +00:00
a4544c0117 channel: add support for "signal" message
Can send specific signals to remote process. Allows for slightly
improved remote process management, if the server supports it.

Integration-patches-by: Viktor Szakats

* doc updates
* change `signame_len` to `size_t`
* variable scopes
* fix checksrc warnings

Closes #672
Closes #991
2023-04-20 21:51:29 +00:00
3c953c05d6 Add support for AES-GCM crypto protocols (#797)
Add support for aes256-gcm@openssh.com and aes128-gcm@openssh.com
ciphers, which are the OpenSSH implementations of AES-GCM cryptography.
It is similar to RFC5647 but has changes to the MAC protocol
negotiation.  These are implemented for recent versions of OpenSSL only.

The ciphers work differently than most previous ones in two big areas:
the cipher includes its own integrated MAC, and the packet length field
in the SSH frame is left unencrypted.  The code changes necessary are
gated by flags in the LIBSSH2_CRYPT_METHOD configuration structure.

These differences mean that both the first and last parts of a block
require special handling during encryption. The first part is where the
packet length field is, which must be kept out of the encryption path
but in the authenticated part (as AAD).  The last part is where the
Authentication Tag is found, which is calculated and appended during
encryption or removed and validated on decryption. As encryption/
decryption is performed on each packet in a loop, one block at a time,
flags indicating when the first and last blocks are being processed are
passed down to the encryption layers.

The strict block-by-block encryption that occurs with other protocols is
inappropriate for AES-GCM, since the packet length shifts the first
encrypted byte 4 bytes into the block. Additionally, the final part of
the block must contain the AES-GCM's Authentication Tag, so it must be
presented to the lower encryption layer whole. These requirements mean
added code to consolidate blocks as they are passed down.

When AES-GCM is negotiated as the cipher, its built-in MAC is
automatically used as the SSH MAC so further MAC negotiation is not
necessary.  The SSH negotiation is skipped when _libssh2_mac_override()
indicates that such a cipher is in use.  The virtual MAC configuration
block mac_method_hmac_aesgcm is then used as the MAC placeholder.

This work was sponsored by Anders Borum.

Integration-patches-by: Viktor Szakats

* fix checksrc errors
* fix openssl.c warning
* fix transport.c warnings
* switch to `LIBSSH2_MIN/MAX()` from `MIN()`/`MAX()`
* fix indent
* fix libgcrypt unused warning
* fix mbedtls unused warning
* fix wincng unused warning
* fix old openssl unused variable warnings
* delete blank lines
* updates to help merging with the ETM patch
2023-04-20 15:46:44 +02:00
e4d827479c HACKING-CRYPTO: fix stray whitespace 2023-04-19 18:24:12 +00:00
17801d2064 tidy-up: fix more nits
- fix indentation errors.
- reformat `cmake/FindmbedTLS.cmake`
- replace a macro with a variable in `example/sftp_RW_nonblock.c`.
- delete macOS macro `_DARWIN_USE_64_BIT_INODE` from the
  OS/400 config header, `os400/libssh2_config.h`.
- fix other minor nits.

Closes #983
2023-04-18 08:41:20 +00:00
6dc42e9d62 Make OS/400 implementation work again (#953)
* os400: support QADRT development files in a non-standard directory

This enables the possibility to compile libssh2 even if the ascii
runtime development files are not installed system-wide.

* userauth_kbd_packet: fix a pointer target type mismatch.

A temporary variable matching the parameter type is used before copying
to the real target and checking for overflow (that should not occur!).

* os400qc3: move and fix big number procedures

A bug added by a previous code style cleaning is fixed.
_libssh2_random() now checks and returns the success status.

* os400qc3: fix cipher definition block lengths

They were wrongly set to the key size.

* Diffie-Hellman min/max modulus sizes are dependent on crypto-backend

In particular, os400qc3 limits the maximum group size to 2048-bits.
Move definitions of these parameters to crypto backend header files.

* kex: return an error if Diffie-Hellman key pair generation fails

* os400: add an ascii assert.h header file

* os400qc3: implement RSA SHA2 256/512
2023-04-13 14:08:12 +02:00
bf85faaa92 sftp: add open functions with custom attribute support
Before this patch, libssh2 sent hardcoded `LIBSSH2_SFTP_ATTRIBUTES`
struct on handle open. This can be problematic on some special OS,
where the file size should be known on new file creation. I added
two new functions to resolve this issue.

Patch-by: @vajdaakos on github via #506

Changes compared to #506:
- drop attr size fixup in favour of #946.
- move `memcpy()` under the state where we need it.
- bump filename length type to `size_t`.
- fix filenames in documentation and other nits.

Closes #506
Closes #947
2023-04-13 11:35:21 +00:00