Add internal libssh2 library aliases to make these available for
downstream/dependent projects building libssh2 via `add_subdirectory()`:
- `libssh2:libssh2_static`
- `libssh2:libssh2_shared`
- `libssh2:libssh2` (shared, or static when not building shared)
- `libssh2` (shared, or static when not building shared)
Of these, `libssh2` was present in v1.10.0 and earlier releases, but
missing from v1.11.0.
Closes#1169
- quote text literals to improve readability.
(exceptions: `FILES` items, `add_subdirectory` names, `find_package`
names, literal target names, version numbers, 0/1, built-in CMake
values and CMake keywords, list items in `cmake/max_warnings.cmake`)
- quote standalone variables that could break syntax on empty values.
- replace `libssh2_SOURCE_DIR` with `PROJECT_SOURCE_DIR`.
- add missing mode to `message()` call.
- `TRUE`/`FALSE` → `ON`/`OFF`.
- add missing default value `OFF` to `option()` for clarity.
- unfold some lines.
- `INSTALL_CMAKE.md` fixes and updates. Show defaults.
Closes#1166
To match with the types used by the `Crypt*()` (uses `DWORD`) and
`BCrypt*()` (uses `ULONG`) Windows APIs.
This patch doesn't change data width or signedness.
Closes#1165
- make `_libssh2_wincng_key_sha_verify` static.
- prefer `unsigned long` over `size_t` in two static functions.
- prefer `ULONG` over `DWORD` to match `BCryptImportKeyPair()`
and `BCryptGenerateKeyPair()`.
- add a newline.
Closes#1164
Use existing MSYS2 section and extend it with builds for the MSYS
environment with both autotools and cmake.
MSYS builds resemble Cygwin ones: The env is Unixy, where Windows
headers are all available but we don't use them.
Also:
- extend existing autotools logic for Cygwin to skip detecting
`windows.h` for MSYS targets too.
- require `windows.h` for the WinCNG backend in autotools. Before this
patch, autotools allowed selecting WinCNG on the Cygwin and MSYS
platforms, but the builds then fell apart due to the resulting mixed
Unixy + Windowsy environment. The general expectation for Cygwin/MSYS
builds is not to use the Windows API directly in them.
- stop manually selecting the `MSYS Makefiles` CMake generator for
MSYS2-based GHA CI builds. mingw-w64 builds work fine without it, but
it broke MSYS build which use `Unix Makefiles`. Deleting this setting
fixes all build flavours.
Closes#1162
To avoid builds picking up non-Cygwin components coming by default with
the CI machine, I used the solution recommended by Cygwin [1] and set
`PATH` manually. To avoid repeating this for each step, I merged steps
into a single one. Let us know if there is a more elegant way.
Cygwin's Github Action uses cleartext HTTP. We upgrade this to HTTPS.
autotools build seemed to take slightly longer than other jobs. To save
turnaround time I disabled building tests.
Cygwin package search: https://cygwin.com/cgi-bin2/package-grep.cgi
[1] https://github.com/cygwin/cygwin-install-action/tree/v4#pathCloses#1161
Former solution was appending an empty element to the array if
`CMAKE_MODULE_PATH` was originally empty. The new syntax doesn't have
this side-effect.
There is no known issue caused by this. Fixing it for good measure.
Closes#1157
This caused a CMake error instead of our custom error when manually
selecting the `WinCNG` crypto-backend for a non-Windows target.
Also cleanup `STREQUAL` checks to use variable name without `${}` on
the left side and quoted string literals on the right.
Closes#1151
Stop calling `OpenSSL_add_all_*()` for LibreSSL 2.7.0 and later.
LibreSSL 2.7.0 (2018-03-21) introduced automatic initialization and
deprecated these functions. Stop calling these functions manually for
LibreSSL version that no longer need them.
Ref: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.0-relnotes.txt
Ref: 46f29f1197
Ref: https://github.com/libssh2/libssh2/issues/302
Also stop calling `ENGINE_*()` functions when initialization is
automatic with LibreSSL 2.7.0+ and OpenSSL 1.1.0+. Engines are also
initializated automatically with these.
Closes#1146
Without curly braces it was less obvious which string is a GHA expression.
Also fix an `if` expression that always missed its curly braces.
Reverts cab3db5887Closes#1145
We use different APIs when we read one private key from memory,
so it is improper to store the private key information in the
structure that stores the private key file information.
Fixes https://github.com/libssh2/libssh2/issues/773
Reported-by: mike-jumper
`key_dsa_wrong` is the same kind of (valid) key as `key_dsa`, both with
an empty passphrase. Named "wrong" because it's intentionally not added
to our `openssh_server/authorized_keys` file.
Revert fb1195cf88#917
On a second look this change did not improve anything with autotools
builds. autotools seems to handle the dll export matter without it.
This patch also broke (e.g.) curl-for-win autotools builds, where the
curl build defines `DLL_EXPORT` while building libcurl DLL. `libssh2.h`
picks it up, resulting in unresolved symbols while trying to link a
static libssh2 on Windows. The best fix seems to be to revert this,
instead of adding extra tweaks to dependents.
Fixes:
https://ci.appveyor.com/project/curlorg/curl-for-win/builds/47667412#L11035
```
ld.lld-15: error: undefined symbol: __declspec(dllimport) libssh2_session_block_directions
>>> referenced by vssh/.libs/libcurl_la-libssh2.o:(ssh_do)
>>> referenced by vssh/.libs/libcurl_la-libssh2.o:(ssh_connect)
>>> referenced by vssh/.libs/libcurl_la-libssh2.o:(ssh_multi_statemach)
>>> referenced 8 more times
ld.lld-15: error: undefined symbol: __declspec(dllimport) libssh2_session_init_ex
>>> referenced by vssh/.libs/libcurl_la-libssh2.o:(ssh_connect)
ld.lld-15: error: undefined symbol: __declspec(dllimport) libssh2_session_set_read_timeout
[...]
```
Closes#1141
Apply an existing fix to `test_read`, so that it falls back to use
the current username instead of the hardcoded `libssh2` when run
outside Docker.
This allows to run algo tests with this command:
```shell
cd tests
./test_sshd.test ./test_read_algos.test
```
Closes#1139
This make file was for long time unmaintained (last updated in 2014).
Despite best efforts to keep it working in the recent round of major
overhauls, it appears to be broken now. There is also no way to test it
without an actual MSVC env and it's also missing from our CI. Based on
our Issue tracker, it's also not widely used.
Since its addition in 2005, libssh2 got support for CMake in 2014.
CMake should be able to generate NMake makefiles with the option
`-G "NMake Makefiles"`. (I haven't tested this.)
Ref: https://github.com/libssh2/libssh2/discussions/1129Closes#1134
libssh2 1.11.0 fails to decrypt private keys encrypted with
aes128-gcm@openssh.com and aes256-gcm@openssh.com ciphers.
To reproduce the issue, you can create a test key with a command like
the following:
```bash
ssh-keygen -Z aes256-gcm@openssh.com -f id_aes256-gcm
```
If you attempt to use this key for authentication, libssh2 returns the
not-so-helpful error message "Wrong passphrase or invalid/unrecognized
private key file format".
The problem is that OpenSSH encrypts keys differently than packets. It
does not include the length as AAD, and the 16 byte authentication tag
is appended after the encrypted key. The length of the authentication
tag is not included in the encrypted key length.
I have not found any documentation for this behaviour -- I discovered it
by looking at the OpenSSH source. See the `private2_decrypt` function in
<https://github.com/openssh/openssh-portable/blob/master/sshkey.c>.
This patch fixes the code for reading OpenSSH private keys encrypted
with AES-GCM methods.
We mistakently added transitive zlib to `Requires.private` before, then
removed it. This patch re-adds zlib, but this time to `Libs.private`,
which is listing raw libs and should include transitive libs as well.
Also add zlib when used as a direct dependency when zlib compression
support is enabled.
Follow-up to ef538069a6Closes#1131
Fixes the warning below, which appeared in CMake v3.27.0:
```
CMake Deprecation Warning at CMakeLists.txt:39 (cmake_minimum_required):
Compatibility with CMake < 3.5 will be removed from a future version of
CMake.
Update the VERSION argument <min> value or use a ...<max> suffix to tell
CMake that the project does not need compatibility with older versions.
```
Bump straight up to v3.7.0 to sync up with the curl project:
2900c29218/CMakeLists.txt (L64)
CMake release dates:
v3.7.0 2016-11-11
v3.5.0 2016-03-08
v3.1.0 2014-12-17
Closes#1126
- prefix with `LIBSSH2_PC_`
- match with the names of `pkg-config` values.
- use the same names in autotools and CMake scripts.
- use `LIBSSH2_VERSION` for the version number in autotools scripts,
to match the name used in CMake.
Closes#1125
Adapted for libssh2 from the curl commit message by James Le Cuirot:
"A project built entirely statically will call `pkg-config` with
`--static`, which utilises the `Libs.private:` field. Conversely it will
not use `--static` when not being built entirely statically, even if
there is only a static build of libssh2 available. This will most
likely cause the build to fail due to underlinking unless we merge the
`Libs:` fields.
Consider that this is what the Meson build system does when it generates
`pkg-config` files."
This patch extends the above to `Requires:`, to mirror `Libs:` with
`pkg-config` package names.
Follow-up to 1209c16d93#1114
Ref: https://github.com/libssh2/libssh2/pull/1114#issuecomment-1634334809
Ref: 98e5904165
Ref: https://github.com/curl/curl/pull/5373Closes#1119
In `Requires*:`, the documented name separator is comma. We already used
it in the CMake-generated `libssh2.pc`. Adjust the autotools-generated
one to use it too, instead of spaces.
Ref: https://linux.die.net/man/1/pkg-config
Ref: d97db4fae4/pkg-config.1Closes#1124
- autotools was using `libwolfssl`. CMake left it empty. wolfSSL
provides `wolfssl.pc`. This patch sets `Requires.private: wolfssl`
with both build tools.
- add `libgcrypt` to `Requires.private` with both autotools and CMake.
Ref:
e76e88eef7/src/libgcrypt.pc.in
Present since 2005-04-22:
32bf3f13e8
Released in v1.3.0 2007-05-04:
https://github.com/gpg/libgcrypt/releases/tag/libgcrypt-1.3.0
- also stop adding transitive `zlib` deps to `Requires.private`.
The referenced crypto package is adding it as nedded.
This makes deduplication of the list redundant, so stop doing it.
Follow-up to 2fc3679007
(`libssh2.pc` not tested as a project dependency.)
Closes#1123
- dedupe `Requires.private` in `libssh2.pc`.
`zlib` could appear on the list twice:
```
Requires.private: libssl,libcrypto,zlib,zlib
```
According to CMake docs `list(REMOVE_DUPLICATES ...)`, is supported by
our minimum required CMake version (and by earlier ones even):
https://cmake.org/cmake/help/v3.1/command/list.html#remove-duplicates
- move `cmake_minimum_required()` to the top.
- move `set(CMAKE_MODULE_PATH)` to the top.
- delete duplicate `set(CMAKE_MODULE_PATH)`.
- replace `CMAKE_CURRENT_SOURCE_DIR` with `PROJECT_SOURCE_DIR` in root
`CMakeLists.txt` for robustness.
- replace `gcovr` option with long-form for readability/consistency.
- rename `GCOV_OPTIONS` to `GCOV_CFLAGS`. These are C options we enable
when using gcov, not gcov tooling options.
Closes#1122
