Add new `libssh2_session_callback_set2()` API that deprecates
`libssh2_session_callback_set()`.
The new implementation offers the same functionality, but accepts and
returns a generic function pointer (of type `libssh2_cb_generic *`), as
opposed to the old function that used data pointers (`void *`). The new
solution thus avoids data to function (and vice versa) pointer
conversions, which has undefined behaviour in standard C.
About the name: It seems the `*2` suffix was used in the past for
replacement functions for deprecated ones. Let's stick with that.
`*_ex` was preferred for new functions that extend existing ones with
new features.
Closes#1285
Ref:
https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
(2023-11-29)
Enable new warnings:
- replace `-Wno-sign-conversion` with `-Wsign-conversion`.
Fix them in example, tests and wincng. There remain about 360 of these
warnings in `src`. Add a TODO item for those and disable `-Werror` for
this particular warning.
- enable `-Wformat=2` for clang (in both cmake and autotools).
- enable `__attribute__((format))` for `_libssh2_debug()`,
`_libssh2_snprintf()` and in tests for `run_command()`.
`LIBSSH2_PRINTF()` copied from `CURL_TEMP_PRINTF()` in curl.
- enable `-Wimplicit-fallthrough`.
- enable `-Wtrampolines`.
Fix them:
- src: replace obsolete fall-through-comments with
`__attribute__((fallthrough))`.
- wincng: fix `-Wsign-conversion` warnings.
- tests: fix `-Wsign-conversion` warnings.
- example: fix `-Wsign-conversion` warnings.
- src: fix `-Wformat` issues in trace calls.
Also, where necessary fix `int` and `unsigned char` casts to
`unsigned int` and adjust printf format strings. These were not
causing compiler warnings.
Cast large types to `long` to avoid dealing with printf masks for
`size_t` and other C99 types. Existing code often used `int` for this.
I'll update them to `long` in an upcoming commit.
- tests: fix `-Wformat` warning.
- silence `-Wformat-nonliteral` warnings.
- mbedtls: silence `-Wsign-conversion`/`-Warith-conversion`
in external header.
Closes#1257
We recommend using CMake instead. Especially in unity mode, it's faster
and probably more familiar for most. It's also easily portable.
(`Makefile.mk` was also portable, but in practice only usable for
Windows. Other platforms required a manual config header.)
Also:
- migrate `LIBSSH2_NO_*` option CI tests to CMake.
- make MSYS2 CMake builds verbose to show compilation options.
Closes#1204
- os400: delete unused `HAVE_STDINT_H`.
- fuzz: delete redundant `stdint.h` use.
`inttypes.h` is already included via `testinput.h`.
- docs/TODO: adjust type in planned function.
Closes#1212
- `- ` -> `- `
- `. ` -> `. `
- `\- ` -> `- `
- `-1` -> `\-1`
- fold long lines along the way
This makes the minus sign come out as a Unicode minus sign
(0x2212), and title separator dashes as Unicode hyphen (0x2010),
with `groff -Tutf8` v1.23.0.
Ref: https://lwn.net/Articles/947941/Closes#1210
- quote text literals to improve readability.
(exceptions: `FILES` items, `add_subdirectory` names, `find_package`
names, literal target names, version numbers, 0/1, built-in CMake
values and CMake keywords, list items in `cmake/max_warnings.cmake`)
- quote standalone variables that could break syntax on empty values.
- replace `libssh2_SOURCE_DIR` with `PROJECT_SOURCE_DIR`.
- add missing mode to `message()` call.
- `TRUE`/`FALSE` → `ON`/`OFF`.
- add missing default value `OFF` to `option()` for clarity.
- unfold some lines.
- `INSTALL_CMAKE.md` fixes and updates. Show defaults.
Closes#1166
- add `libssh2:libssh2` target that selects the shared lib if built,
otherwise the static one.
- re-add `Libssh2:libssh2` target for compatibility with v1.10.0 and
earlier. This is an alias for `libssh2:libssh2`.
- keep `libssh2:libssh2_shared` and `libssh2_libssh2_static` targets.
- allow using `find_package(libssh2)` in dependents as an alternative
to `find_package(Libssh2)`.
Co-authored-by: Radek Brich
Suggested-by: Haowei Hsu
Fixes#1103Fixes#731Closes#1104
- All files have prominent copyright and SPDX identifier
- If not embedded in the file, in the .reuse/dep5 file
- All used licenses are in LICENSES/ (not shipped in tarballs)
- A new REUSE CI job verify that all files are OK
Assisted-by: Viktor Szakats
Closes#1084
Also:
- uppercase `(C)`.
- add missing 'All rights reserved.' lines.
- drop duplicate 'Author' lines.
- add copyright headers where missing.
- enable copyright header check in checksrc.
Reasons for deleting years (copied as-is from curl):
- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- saves us from pointless churn
- git keeps history for us
- the year range is kept in COPYING
Closes#1082
- simplify `.TH` headers.
- delete empty lines before sections.
- update template with an `AVAILABILITY` section.
Left libssh2 version number in the `.TH` header for entries without an
`AVAILABILITY` section, or where there was a different version number
there.
This PR contains a series of patches that date back many years and I
believe were discussed on the mailing list, but never merged. We have
been using these in our local copy of libssh2 without issue since 2015,
if not earlier. I believe this is the full set of changes, as we tried
to use comments to mark where our copy of libssh2 differs from the
canonical version.
This also contains changes I made earlier this year, but which were not
discussed on the mailing list, to support certificates and FIDO2 keys
with agent forwarding.
Note that this is not a complete implementation of agent forwarding, as
that is outside the scope of libssh2. Clients still need to provide
their own implementation that parses ssh-agent methods after calling
libssh2_channel_read() and calls the appropriate callback messages in
libssh2. See the man page changes in this PR for more details.
Integration-patches-by: Viktor Szakats
* prefer size_t
* prefer unsigned int over u_int in public function
* add const
* docs, indent, checksrc, debug call, compiler warning fixes
Can send specific signals to remote process. Allows for slightly
improved remote process management, if the server supports it.
Integration-patches-by: Viktor Szakats
* doc updates
* change `signame_len` to `size_t`
* variable scopes
* fix checksrc warnings
Closes#672Closes#991
Add support for aes256-gcm@openssh.com and aes128-gcm@openssh.com
ciphers, which are the OpenSSH implementations of AES-GCM cryptography.
It is similar to RFC5647 but has changes to the MAC protocol
negotiation. These are implemented for recent versions of OpenSSL only.
The ciphers work differently than most previous ones in two big areas:
the cipher includes its own integrated MAC, and the packet length field
in the SSH frame is left unencrypted. The code changes necessary are
gated by flags in the LIBSSH2_CRYPT_METHOD configuration structure.
These differences mean that both the first and last parts of a block
require special handling during encryption. The first part is where the
packet length field is, which must be kept out of the encryption path
but in the authenticated part (as AAD). The last part is where the
Authentication Tag is found, which is calculated and appended during
encryption or removed and validated on decryption. As encryption/
decryption is performed on each packet in a loop, one block at a time,
flags indicating when the first and last blocks are being processed are
passed down to the encryption layers.
The strict block-by-block encryption that occurs with other protocols is
inappropriate for AES-GCM, since the packet length shifts the first
encrypted byte 4 bytes into the block. Additionally, the final part of
the block must contain the AES-GCM's Authentication Tag, so it must be
presented to the lower encryption layer whole. These requirements mean
added code to consolidate blocks as they are passed down.
When AES-GCM is negotiated as the cipher, its built-in MAC is
automatically used as the SSH MAC so further MAC negotiation is not
necessary. The SSH negotiation is skipped when _libssh2_mac_override()
indicates that such a cipher is in use. The virtual MAC configuration
block mac_method_hmac_aesgcm is then used as the MAC placeholder.
This work was sponsored by Anders Borum.
Integration-patches-by: Viktor Szakats
* fix checksrc errors
* fix openssl.c warning
* fix transport.c warnings
* switch to `LIBSSH2_MIN/MAX()` from `MIN()`/`MAX()`
* fix indent
* fix libgcrypt unused warning
* fix mbedtls unused warning
* fix wincng unused warning
* fix old openssl unused variable warnings
* delete blank lines
* updates to help merging with the ETM patch
- fix indentation errors.
- reformat `cmake/FindmbedTLS.cmake`
- replace a macro with a variable in `example/sftp_RW_nonblock.c`.
- delete macOS macro `_DARWIN_USE_64_BIT_INODE` from the
OS/400 config header, `os400/libssh2_config.h`.
- fix other minor nits.
Closes#983
* os400: support QADRT development files in a non-standard directory
This enables the possibility to compile libssh2 even if the ascii
runtime development files are not installed system-wide.
* userauth_kbd_packet: fix a pointer target type mismatch.
A temporary variable matching the parameter type is used before copying
to the real target and checking for overflow (that should not occur!).
* os400qc3: move and fix big number procedures
A bug added by a previous code style cleaning is fixed.
_libssh2_random() now checks and return the success status.
* os400qc3: fix cipher definition block lengths
They were wrongly set to the key size.
* Diffie-Hellman min/max modulus sizes are dependent of crypto-backend
In particular, os400qc3 limits the maximum group size to 2048-bits.
Move definitions of these parameters to crypto backend header files.
* kex: return an error if Diffie-Hellman key pair generation fails
* os400: add an ascii assert.h header file
* os400qc3: implement RSA SHA2 256/512
Before this patch, libssh2 sent hardcoded `LIBSSH2_SFTP_ATTRIBUTES`
struct on handle open. This can be problematic on some special OS,
where the file size should be known on new file creation. I added
two new functions to resolve this issue.
Patch-by: @vajdaakos on github via #506
Changes compared to #506:
- drop attr size fixup in favour of #946.
- move `memcpy()` under the state where we need it.
- bump filename length type to `size_t`.
- fix filenames in documentation and other nits.
Closes#506Closes#947
- add missing `.fi` tags.
- fix misplaced `.nf` tags.
- add `.nf`/`.fi` tags `SYNOPSIS` where missing.
- fix missing/wrong function name from `SH NAME`.
- fix wrong function name in `TH`.
- keep return values in a separate line.
- indent.
- fold long lines.
- deleted `libssh2_channel_direct_streamlocal()`, there is no such function.
- add missing types.
- add missing headers.
Closes#949
This patch allow to use direct-streamlocal service from OpenSSH 6.7,
that allows UNIX socket connections.
Mods:
- delete unrelated condition:
Ref: https://github.com/libssh2/libssh2/pull/216#discussion_r374748111
- rebase on master, whitespace updates.
Patch-by: @gjalves Gustavo Junior Alves
Closes#216Closes#632Closes#945
- introduce `src/crypto.c` as an umbrella source that does nothing else
than include the selected crypto backend source. Moving this job from
the built-tool to the C preprocessor.
- this allows dropping the various techniques to pick the correct crypto
backend sources in autotools, CMake and other build method. Including
the per-backend `Makefile.<crypto-backend>.inc` makefiles.
- copy a trick from curl and instead of maintaining duplicate source
lists for CMake, convert the GNU Makefile kept for autotools
automatically. Do this in `docs`, `examples` and `src`.
Ref: dfabe8bca2/CMakeLists.txt (L1399-L1413)
Also fixes missing `libssh2_setup.h` from `src/CMakeFiles.txt` after
59666e03f0.
- move `Makefile.inc` from root to `src`.
- reformat `src/Makefile.inc` to list each source in separate lines,
re-align the continuation character and sort the lists alphabetically.
- update `docs/HACKING-CRYPTO` accordingly.
- autotools: update the way we add crypto-backends to `LIBS`.
- delete old CSV headers, indent, and merge two lines in
`docs/Makefile.am` and `src/Makefile.am`.
- add `libssh2.pc` to `.gitignore`, while there.
Closes#941
This set of changes provides a mechanism to runtime-configure the
previously #define'd timeout for reading packets from a session. The
intention here is to also extend libcurl to be able to use this
interface so that when fetching from sftp servers which are very slow
to return directory listings, connections do not time-out so much.
* Add new field to session to hold configurable read timeout
* Updated `_libssh2_packet_require()`, `_libssh2_packet_requirev()`,
and `sftp_packet_requirev()` to use new field in session structure
* Updated docs for API functions to set/get read timeout field in
session structure
* Updated `libssh2.h` to declare the get/set read timeout functions
Co-authored-by: Jon Axtell <jon.axtell@codethink.co.uk>
Credit: Daniel Silverstone
