Stop calling `OpenSSL_add_all_*()` for LibreSSL 2.7.0 and later.
LibreSSL 2.7.0 (2018-03-21) introduced automatic initialization and
deprecated these functions. Stop calling these functions manually for
LibreSSL versions that no longer need them.
Ref: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.0-relnotes.txt
Ref: 46f29f1197
Ref: https://github.com/libssh2/libssh2/issues/302
Also stop calling `ENGINE_*()` functions when initialization is
automatic with LibreSSL 2.7.0+ and OpenSSL 1.1.0+. Engines are also
initialized automatically with these.
Closes #1146
Without curly braces it was less obvious which string is a GHA expression.
Also fix an `if` expression that always missed its curly braces.
Reverts cab3db5887
Closes #1145
We use different APIs when we read one private key from memory,
so it is improper to store the private key information in the
structure that stores the private key file information.
Fixes https://github.com/libssh2/libssh2/issues/773
Reported-by: mike-jumper
`key_dsa_wrong` is the same kind of (valid) key as `key_dsa`, both with
an empty passphrase. Named "wrong" because it's intentionally not added
to our `openssh_server/authorized_keys` file.
Revert fb1195cf88 #917
On a second look this change did not improve anything with autotools
builds. autotools seems to handle the dll export matter without it.
This patch also broke (e.g.) curl-for-win autotools builds, where the
curl build defines `DLL_EXPORT` while building libcurl DLL. `libssh2.h`
picks it up, resulting in unresolved symbols while trying to link a
static libssh2 on Windows. The best fix seems to be to revert this,
instead of adding extra tweaks to dependents.
Fixes:
https://ci.appveyor.com/project/curlorg/curl-for-win/builds/47667412#L11035
```
ld.lld-15: error: undefined symbol: __declspec(dllimport) libssh2_session_block_directions
>>> referenced by vssh/.libs/libcurl_la-libssh2.o:(ssh_do)
>>> referenced by vssh/.libs/libcurl_la-libssh2.o:(ssh_connect)
>>> referenced by vssh/.libs/libcurl_la-libssh2.o:(ssh_multi_statemach)
>>> referenced 8 more times
ld.lld-15: error: undefined symbol: __declspec(dllimport) libssh2_session_init_ex
>>> referenced by vssh/.libs/libcurl_la-libssh2.o:(ssh_connect)
ld.lld-15: error: undefined symbol: __declspec(dllimport) libssh2_session_set_read_timeout
[...]
```
Closes #1141
Apply an existing fix to `test_read`, so that it falls back to use
the current username instead of the hardcoded `libssh2` when run
outside Docker.
This allows running algo tests with this command:
```shell
cd tests
./test_sshd.test ./test_read_algos.test
```
Closes #1139
This make file was unmaintained for a long time (last updated in 2014).
Despite best efforts to keep it working in the recent round of major
overhauls, it appears to be broken now. There is also no way to test it
without an actual MSVC env and it's also missing from our CI. Based on
our Issue tracker, it's also not widely used.
Since its addition in 2005, libssh2 got support for CMake in 2014.
CMake should be able to generate NMake makefiles with the option
`-G "NMake Makefiles"`. (I haven't tested this.)
Ref: https://github.com/libssh2/libssh2/discussions/1129
Closes #1134
libssh2 1.11.0 fails to decrypt private keys encrypted with
aes128-gcm@openssh.com and aes256-gcm@openssh.com ciphers.
To reproduce the issue, you can create a test key with a command like
the following:
```bash
ssh-keygen -Z aes256-gcm@openssh.com -f id_aes256-gcm
```
If you attempt to use this key for authentication, libssh2 returns the
not-so-helpful error message "Wrong passphrase or invalid/unrecognized
private key file format".
The problem is that OpenSSH encrypts keys differently than packets. It
does not include the length as AAD, and the 16 byte authentication tag
is appended after the encrypted key. The length of the authentication
tag is not included in the encrypted key length.
I have not found any documentation for this behaviour -- I discovered it
by looking at the OpenSSH source. See the `private2_decrypt` function in
<https://github.com/openssh/openssh-portable/blob/master/sshkey.c>.
This patch fixes the code for reading OpenSSH private keys encrypted
with AES-GCM methods.
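The layout described in the commit message above, as an added example (not code from this commit or from libssh2): it splits the encrypted section into ciphertext and trailing tag, and rejects input where the tag is missing or truncated. The names `split_encrypted_key`, `struct enc_key` and `sample_blob` are hypothetical, the sample bytes are constructed, and the block-size check is an assumption added here.

```c
#include <stddef.h>
#include <stdint.h>
#define AES_BLOCK_LEN 16
#define GCM_TAG_LEN   16  /* tag size stated in the commit message */

struct enc_key {
    const unsigned char *ct;   /* encrypted key data */
    size_t ct_len;             /* value of the length field, tag excluded */
    const unsigned char *tag;  /* 16 bytes after the ciphertext, NULL if not GCM */
    size_t aad_len;            /* always 0: the length field is not fed in as AAD */
};

/* Constructed sample: length field (16), one block of "ciphertext", then the tag. */
static const unsigned char sample_blob[] = {
    0x00, 0x00, 0x00, 0x10,
    0xc0,0xc1,0xc2,0xc3,0xc4,0xc5,0xc6,0xc7,0xc8,0xc9,0xca,0xcb,0xcc,0xcd,0xce,0xcf,
    0xa0,0xa1,0xa2,0xa3,0xa4,0xa5,0xa6,0xa7,0xa8,0xa9,0xaa,0xab,0xac,0xad,0xae,0xaf
};

/* Split "uint32 length || ciphertext || tag". Returns 0 on success, -1 if malformed. */
int split_encrypted_key(const unsigned char *buf, size_t len, int is_gcm,
                        struct enc_key *out)
{
    size_t authlen = is_gcm ? GCM_TAG_LEN : 0;
    uint32_t ct_len;
    if (len < 4)
        return -1;
    ct_len = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
             ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
    buf += 4;
    len -= 4;
    /* Assumption added here: key data is padded to whole AES blocks. */
    if (ct_len < AES_BLOCK_LEN || ct_len % AES_BLOCK_LEN != 0)
        return -1;
    /* The tag is NOT counted in ct_len, so it must fit in the bytes that follow. */
    if (len < authlen || len - authlen < ct_len)
        return -1;
    out->ct = buf;
    out->ct_len = ct_len;
    out->tag = is_gcm ? buf + ct_len : NULL;
    out->aad_len = 0;
    return 0;
}

int main(void)
{
    struct enc_key k;
    return split_encrypted_key(sample_blob, sizeof(sample_blob), 1, &k);
}
```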
We mistakenly added transitive zlib to `Requires.private` before, then
removed it. This patch re-adds zlib, but this time to `Libs.private`,
which is listing raw libs and should include transitive libs as well.
Also add zlib when used as a direct dependency when zlib compression
support is enabled.
Follow-up to ef538069a6
Closes #1131
Fixes the warning below, which appeared in CMake v3.27.0:
```
CMake Deprecation Warning at CMakeLists.txt:39 (cmake_minimum_required):
Compatibility with CMake < 3.5 will be removed from a future version of
CMake.
Update the VERSION argument <min> value or use a ...<max> suffix to tell
CMake that the project does not need compatibility with older versions.
```
Bump straight up to v3.7.0 to sync up with the curl project:
2900c29218/CMakeLists.txt (L64)
CMake release dates:
v3.7.0 2016-11-11
v3.5.0 2016-03-08
v3.1.0 2014-12-17
Closes #1126
- prefix with `LIBSSH2_PC_`
- match with the names of `pkg-config` values.
- use the same names in autotools and CMake scripts.
- use `LIBSSH2_VERSION` for the version number in autotools scripts,
to match the name used in CMake.
Closes #1125
Adapted for libssh2 from the curl commit message by James Le Cuirot:
"A project built entirely statically will call `pkg-config` with
`--static`, which utilises the `Libs.private:` field. Conversely it will
not use `--static` when not being built entirely statically, even if
there is only a static build of libssh2 available. This will most
likely cause the build to fail due to underlinking unless we merge the
`Libs:` fields.
Consider that this is what the Meson build system does when it generates
`pkg-config` files."
This patch extends the above to `Requires:`, to mirror `Libs:` with
`pkg-config` package names.
Follow-up to 1209c16d93 #1114
Ref: https://github.com/libssh2/libssh2/pull/1114#issuecomment-1634334809
Ref: 98e5904165
Ref: https://github.com/curl/curl/pull/5373
Closes #1119
In `Requires*:`, the documented name separator is comma. We already used
it in the CMake-generated `libssh2.pc`. Adjust the autotools-generated
one to use it too, instead of spaces.
Ref: https://linux.die.net/man/1/pkg-config
Ref: d97db4fae4/pkg-config.1
Closes #1124
- autotools was using `libwolfssl`. CMake left it empty. wolfSSL
provides `wolfssl.pc`. This patch sets `Requires.private: wolfssl`
with both build tools.
- add `libgcrypt` to `Requires.private` with both autotools and CMake.
Ref:
e76e88eef7/src/libgcrypt.pc.in
Present since 2005-04-22:
32bf3f13e8
Released in v1.3.0 2007-05-04:
https://github.com/gpg/libgcrypt/releases/tag/libgcrypt-1.3.0
- also stop adding transitive `zlib` deps to `Requires.private`.
The referenced crypto package is adding it as needed.
This makes deduplication of the list redundant, so stop doing it.
Follow-up to 2fc3679007
(`libssh2.pc` not tested as a project dependency.)
Closes #1123
- dedupe `Requires.private` in `libssh2.pc`.
`zlib` could appear on the list twice:
```
Requires.private: libssl,libcrypto,zlib,zlib
```
According to CMake docs, `list(REMOVE_DUPLICATES ...)` is supported by
our minimum required CMake version (and by earlier ones even):
https://cmake.org/cmake/help/v3.1/command/list.html#remove-duplicates
- move `cmake_minimum_required()` to the top.
- move `set(CMAKE_MODULE_PATH)` to the top.
- delete duplicate `set(CMAKE_MODULE_PATH)`.
- replace `CMAKE_CURRENT_SOURCE_DIR` with `PROJECT_SOURCE_DIR` in root
`CMakeLists.txt` for robustness.
- replace `gcovr` option with long-form for readability/consistency.
- rename `GCOV_OPTIONS` to `GCOV_CFLAGS`. These are C options we enable
when using gcov, not gcov tooling options.
Closes #1122
- add `libssh2:libssh2` target that selects the shared lib if built,
otherwise the static one.
- re-add `Libssh2:libssh2` target for compatibility with v1.10.0 and
earlier. This is an alias for `libssh2:libssh2`.
- keep `libssh2:libssh2_shared` and `libssh2_libssh2_static` targets.
- allow using `find_package(libssh2)` in dependents as an alternative
to `find_package(Libssh2)`.
Co-authored-by: Radek Brich
Suggested-by: Haowei Hsu
Fixes #1103
Fixes #731
Closes #1104
Before this patch OpenSSL, mbedTLS, WinCNG and OS/400 advertised both
SHA2 and SHA1 host key algos, even when SHA1 was not supported by the
crypto backend or when forcefully disabled via `LIBSSH2_NO_RSA_SHA1`.
Reported-by: João M. S. Silva
Fixes #1092
Closes #1093
Before 02f2700a61 #846 #876, we used
`%I64d`. That patch changed this to `%lld`. This patch uses `PRId64`
(defined in `inttypes.h`).
Fixes #1090
Closes #1091