* os400: support QADRT development files in a non-standard directory
This enables the possibility to compile libssh2 even if the ascii
runtime development files are not installed system-wide.
* userauth_kbd_packet: fix a pointer target type mismatch.
A temporary variable matching the parameter type is used before copying
to the real target and checking for overflow (that should not occur!).
* os400qc3: move and fix big number procedures
A bug added by a previous code style cleaning is fixed.
_libssh2_random() now checks and return the success status.
* os400qc3: fix cipher definition block lengths
They were wrongly set to the key size.
* Diffie-Hellman min/max modulus sizes are dependent of crypto-backend
In particular, os400qc3 limits the maximum group size to 2048-bits.
Move definitions of these parameters to crypto backend header files.
* kex: return an error if Diffie-Hellman key pair generation fails
* os400: add an ascii assert.h header file
* os400qc3: implement RSA SHA2 256/512
Before this patch, libssh2 sent hardcoded `LIBSSH2_SFTP_ATTRIBUTES`
struct on handle open. This can be problematic on some special OS,
where the file size should be known on new file creation. I added
two new functions to resolve this issue.
Patch-by: @vajdaakos on github via #506
Changes compared to #506:
- drop attr size fixup in favour of #946.
- move `memcpy()` under the state where we need it.
- bump filename length type to `size_t`.
- fix filenames in documentation and other nits.
Closes#506Closes#947
- add missing `.fi` tags.
- fix misplaced `.nf` tags.
- add `.nf`/`.fi` tags `SYNOPSIS` where missing.
- fix missing/wrong function name from `SH NAME`.
- fix wrong function name in `TH`.
- keep return values in a separate line.
- indent.
- fold long lines.
- deleted `libssh2_channel_direct_streamlocal()`, there is no such function.
- add missing types.
- add missing headers.
Closes#949
This patch allow to use direct-streamlocal service from OpenSSH 6.7,
that allows UNIX socket connections.
Mods:
- delete unrelated condition:
Ref: https://github.com/libssh2/libssh2/pull/216#discussion_r374748111
- rebase on master, whitespace updates.
Patch-by: @gjalves Gustavo Junior Alves
Closes#216Closes#632Closes#945
- introduce `src/crypto.c` as an umbrella source that does nothing else
than include the selected crypto backend source. Moving this job from
the built-tool to the C preprocessor.
- this allows dropping the various techniques to pick the correct crypto
backend sources in autotools, CMake and other build method. Including
the per-backend `Makefile.<crypto-backend>.inc` makefiles.
- copy a trick from curl and instead of maintaining duplicate source
lists for CMake, convert the GNU Makefile kept for autotools
automatically. Do this in `docs`, `examples` and `src`.
Ref: dfabe8bca2/CMakeLists.txt (L1399-L1413)
Also fixes missing `libssh2_setup.h` from `src/CMakeFiles.txt` after
59666e03f0.
- move `Makefile.inc` from root to `src`.
- reformat `src/Makefile.inc` to list each source in separate lines,
re-align the continuation character and sort the lists alphabetically.
- update `docs/HACKING-CRYPTO` accordingly.
- autotools: update the way we add crypto-backends to `LIBS`.
- delete old CSV headers, indent, and merge two lines in
`docs/Makefile.am` and `src/Makefile.am`.
- add `libssh2.pc` to `.gitignore`, while there.
Closes#941
This set of changes provides a mechanism to runtime-configure the
previously #define'd timeout for reading packets from a session. The
intention here is to also extend libcurl to be able to use this
interface so that when fetching from sftp servers which are very slow
to return directory listings, connections do not time-out so much.
* Add new field to session to hold configurable read timeout
* Updated `_libssh2_packet_require()`, `_libssh2_packet_requirev()`,
and `sftp_packet_requirev()` to use new field in session structure
* Updated docs for API functions to set/get read timeout field in
session structure
* Updated `libssh2.h` to declare the get/set read timeout functions
Co-authored-by: Jon Axtell <jon.axtell@codethink.co.uk>
Credit: Daniel Silverstone
libssh2 supports an "old" style KEX message
`SSH2_MSG_KEX_DH_GEX_REQUEST_OLD`, as an off-by-default build option.
OpenSSH deprecated/disabled this feature in v6.9 (2015-07-01):
https://www.openssh.com/releasenotes.html#6.9
This patch deletes this obsolete feature from libssh2, with no option
to enable it.
Added to libssh2 in: cf8ca63ea0 (2004-12-31)
RFC: https://datatracker.ietf.org/doc/html/rfc4419 (2006-03)
Apply type changes to avoid casts and warnings. In most cases this
means changing to a larger type, usually `size_t` or `ssize_t`.
Change signedness in a few places.
Also introduce new variables to avoid reusing them for multiple
purposes, to avoid casts and warnings.
- add FIXME for public `libssh2_sftp_readdir_ex()` return type.
- fix `_libssh2_mbedtls_rsa_sha2_verify()` to verify if `sig_len`
is large enough.
- fix `_libssh2_dh_key_pair()` in `wincng.c` to return error if
`group_order` input is negative.
Maybe we should also reject zero?
- bump `_libssh2_random()` size type `int` -> `size_t`. Add checks
for WinCNG and OpenSSL to return error if requested more than they
support (`ULONG_MAX`, `INT_MAX` respectively).
- change `_libssh2_ntohu32()` return value `unsigned int` -> `uint32_t`.
- fix `_libssh2_mbedtls_bignum_random()` to check for a negative `top`
input.
- size down `_libssh2_wincng_key_sha_verify()` `hashlen` to match
Windows'.
- fix `session_disconnect()` to limit length of `lang_len`
(to 256 bytes).
- fix bad syntax in an `assert()`.
- add a few `const` to casts.
- `while(1)` -> `for(;;)`.
- add casts that didn't fit into #876.
- update `docs/HACKING-CRYPTO` with new sizes.
May need review for OS400QC3: /cc @monnerat @jonrumsey
See warning details in the PR's individual commits.
Cherry-picked from #846Closes#879
- `BUILD_SHARED_LIBS=ON` no longer disables building static lib.
When set, we build the static lib with PIC enabled.
For shared lib only, set `BUILD_STATIC_LIBS=OFF`. For static lib
without PIC, leave this option disabled.
- new setting: `BUILD_STATIC_LIBS`. `ON` by default.
Force-enabled when building examples or tests (we build those in
static mode always.)
- fix to exclude Windows Resource from the static lib.
- fix to not overwrite static lib with shared implib on Windows
platforms using identical suffix for them (MSVS). By using
`libssh2_imp<.ext>` implib filename.
- add support for `STATIC_LIB_SUFFIX` setting to set an optional suffix
(e.g. `_static`) for the static lib. (experimental, not documented).
Overrides the above when set.
- fix to set `dllexport` when building shared lib.
- set `TrackFileAccess=false` for MSVS.
For faster builds, shorter verbose logs.
- tests: new test linking against shared libssh2: `test_warmup_shared`
- tests: simplify 'runner' lib by merging 3 libs into a single one.
- tests: drop hack from `test_keyboard_interactive_auth_info_request`
build.
We no longer need to compile `src/misc.c` because we always link
libssh2 statically.
- tests: limit `FIXTURE_WORKDIR=` to the `runner` target.
TL;DR: Default behavior unchanged: static (no-PIC), no shared.
Enabling shared unchanged, but now also builds a static (PIC)
lib by default.
Based-on: b60dca8b64#547 by berney on github
Fixes: #547Fixes: #675Closes: #863
wolfSSL supports building with zlib as a dependency, that's the reason
for the ZLIB logic in the patch.
Also add it to `docs/INSTALL_CMAKE.md` and to the help text in
`src/CMakeLists.txt`.
Running tests not actually tested.
Follow-up to 9f217a17f6
Ref: #817
Many files have been added to the cmake build files but not the automake
ones in recent years. Missing ones have been added so automake "make
dist" will now create a usable tar ball.
The integration tests using Docker are now built with automake as well
(with "make check"). They are not run yet since they aren't working yet
on Linux.
Notes:
In #614 it was identified the docs do not accurately show how libssh2_channel_flush_ex() return value is set. I have updated the doc's to correctly show what the function is returning.
Credit:
Ryan Kelley
File:
version.c, HACKING-CRYPTO, libssh2.h, libssh2_crypto_engine.3, makefile.
Notes:
libssh2_crypto_engine() API to get crypto engine at runtime.
Credit: Bastien Durel
Notes:
* Host Key RSA 256/512 support #536
* Client side key hash upgrading for RFC 8332
* Support for server-sig-algs, ext-info-c server messages
* Customizing preferred server-sig-algs via the preference LIBSSH2_METHOD_SIGN_ALGO
Credit: Anders Borum, Will Cosgrove
Notes:
* Make _libssh2_random return code consistent
Previously, _libssh2_random was advertized in HACKING.CRYPTO as
returning `void` (and was implemented that way in os400qc3.c), but that
was in other crypto backends a lie; _libssh2_random is (a macro
expanding) to an int-value expression or function.
Moreover, that returned code was:
— 0 or success, -1 on error for the MbedTLS & WinCNG crypto backends
But also:
— 1 on success, -1 or 0 on error for the OpenSSL backend!
– 1 on success, error cannot happen for libgcrypt!
This commit makes explicit that _libssh2_random can fail (because most of
the underlying crypto functions can indeed fail!), and it makes its result
code consistent: 0 on success, -1 on error.
This is related to issue #519https://github.com/libssh2/libssh2/issues/519
It fixes the first half of it.
* Don't silent errors of _libssh2_random
Make sure to check the returned code of _libssh2_random(), and
propagates any failure.
A new LIBSSH_ERROR_RANDGEN constant is added to libssh2.h
None of the existing error constants seemed fit.
This commit is related to d74285b684
and to https://github.com/libssh2/libssh2/issues/519 (see the issue
for more info.) It closes#519.
Credit:
Paul Capron
Notes:
The buildconf script is currently required, because we need to copy a
header around, because it is used both from the library and the examples
sources.
However, having a custom 'buildconf'-like script is not needed if we can
ensure that the header exists by the time it is needed. For that, we can
just append the src/ directory to the headers search path for the
examples.
And then it means we no longer need to generate the same header twice,
so we remove the second one from configure.ac.
Now, we can just call "autoreconf -fi" to generate the autotools files,
instead of relying on the canned sequence in "buildconf", since
autoreconf has now long known what to do at the correct moment (future
versions of autotools, automake, autopoint, autoheader etc... may
require an other ordering, or other intermediate steps, etc...).
Eventually, get rid of buildconf now it is no longer needed. In fact, we
really keep it for legacy, but have it just call autoreconf (and print a
nice user-friendly warning). Don't include it in the release tarballs,
though.
Update doc, gitignore, and travis-CI jobs accordingly.
Credit:
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Sam Voss <sam.voss@rockwellcollins.com>
File: INSTALL_CMAKE.md
Notes:
Although the original text would be immediately clear to seasoned users of CMAKE and/or Unix shell, the lack of newlines may cause some confusion for newcomers. Hence, wrapping the texts in a md code-block such that the newlines appear as intended.
credit:
suryakalpo
File: HACKING.CRYPTO
Notes:
This commit updates the HACKING.CRYPTO documentation file in an attempt to make it in sync with current code.
New documented features are:
SHA384
SHA512
ECDSA
ED25519
Credit:
monnerat
File : agent.c
Notes :
Libssh2 uses the SSH_AUTH_SOCK env variable to read the system agent location. However, when using a custom agent path you have to set this value using setenv which is not thread-safe. The new functions allow for a way to set a custom agent socket path in a thread safe manor.
Both libssh2_session_handshake.3 and
libssh2_userauth_publickey_frommemory.3 were installed by the configure
build already.
Reported-by: Arfrever on github
Fixes#278
* tests: Remove if-pyramids
* tests: Switch run_command arguments
* tests: Make run_command a vararg function
* tests: Xcode doesn't obey CMake's test working directory
* openssl: move manual AES-CTR cipher into crypto init
* cmake: Move our include dir before all other include paths
Not all backends feature the low level API needed to compute a Diffie-Hellman
secret, but some of them directly implement Diffie-Hellman support with opaque
private data. The later approach is now generalized and backends are
responsible for all Diffie Hellman computations.
As a side effect, procedures/macros _libssh2_bn_rand and _libssh2_bn_mod_exp
are no longer needed outside the backends.
