- simplify `.TH` headers.
- delete empty lines before sections.
- update template with an `AVAILABILITY` section.
Left libssh2 version number in the `.TH` header for entries without an
`AVAILABILITY` section, or where there was a different version number
there.
This PR contains a series of patches that date back many years and I
believe were discussed on the mailing list, but never merged. We have
been using these in our local copy of libssh2 without issue since 2015,
if not earlier. I believe this is the full set of changes, as we tried
to use comments to mark where our copy of libssh2 differs from the
canonical version.
This also contains changes I made earlier this year, but which were not
discussed on the mailing list, to support certificates and FIDO2 keys
with agent forwarding.
Note that this is not a complete implementation of agent forwarding, as
that is outside the scope of libssh2. Clients still need to provide
their own implementation that parses ssh-agent methods after calling
libssh2_channel_read() and calls the appropriate callback messages in
libssh2. See the man page changes in this PR for more details.
Integration-patches-by: Viktor Szakats
* prefer size_t
* prefer unsigned int over u_int in public function
* add const
* docs, indent, checksrc, debug call, compiler warning fixes
Can send specific signals to remote process. Allows for slightly
improved remote process management, if the server supports it.
Integration-patches-by: Viktor Szakats
* doc updates
* change `signame_len` to `size_t`
* variable scopes
* fix checksrc warnings
Closes#672Closes#991
Add support for aes256-gcm@openssh.com and aes128-gcm@openssh.com
ciphers, which are the OpenSSH implementations of AES-GCM cryptography.
It is similar to RFC5647 but has changes to the MAC protocol
negotiation. These are implemented for recent versions of OpenSSL only.
The ciphers work differently than most previous ones in two big areas:
the cipher includes its own integrated MAC, and the packet length field
in the SSH frame is left unencrypted. The code changes necessary are
gated by flags in the LIBSSH2_CRYPT_METHOD configuration structure.
These differences mean that both the first and last parts of a block
require special handling during encryption. The first part is where the
packet length field is, which must be kept out of the encryption path
but in the authenticated part (as AAD). The last part is where the
Authentication Tag is found, which is calculated and appended during
encryption or removed and validated on decryption. As encryption/
decryption is performed on each packet in a loop, one block at a time,
flags indicating when the first and last blocks are being processed are
passed down to the encryption layers.
The strict block-by-block encryption that occurs with other protocols is
inappropriate for AES-GCM, since the packet length shifts the first
encrypted byte 4 bytes into the block. Additionally, the final part of
the block must contain the AES-GCM's Authentication Tag, so it must be
presented to the lower encryption layer whole. These requirements mean
added code to consolidate blocks as they are passed down.
When AES-GCM is negotiated as the cipher, its built-in MAC is
automatically used as the SSH MAC so further MAC negotiation is not
necessary. The SSH negotiation is skipped when _libssh2_mac_override()
indicates that such a cipher is in use. The virtual MAC configuration
block mac_method_hmac_aesgcm is then used as the MAC placeholder.
This work was sponsored by Anders Borum.
Integration-patches-by: Viktor Szakats
* fix checksrc errors
* fix openssl.c warning
* fix transport.c warnings
* switch to `LIBSSH2_MIN/MAX()` from `MIN()`/`MAX()`
* fix indent
* fix libgcrypt unused warning
* fix mbedtls unused warning
* fix wincng unused warning
* fix old openssl unused variable warnings
* delete blank lines
* updates to help merging with the ETM patch
- fix indentation errors.
- reformat `cmake/FindmbedTLS.cmake`
- replace a macro with a variable in `example/sftp_RW_nonblock.c`.
- delete macOS macro `_DARWIN_USE_64_BIT_INODE` from the
OS/400 config header, `os400/libssh2_config.h`.
- fix other minor nits.
Closes#983
* os400: support QADRT development files in a non-standard directory
This enables the possibility to compile libssh2 even if the ascii
runtime development files are not installed system-wide.
* userauth_kbd_packet: fix a pointer target type mismatch.
A temporary variable matching the parameter type is used before copying
to the real target and checking for overflow (that should not occur!).
* os400qc3: move and fix big number procedures
A bug added by a previous code style cleaning is fixed.
_libssh2_random() now checks and return the success status.
* os400qc3: fix cipher definition block lengths
They were wrongly set to the key size.
* Diffie-Hellman min/max modulus sizes are dependent of crypto-backend
In particular, os400qc3 limits the maximum group size to 2048-bits.
Move definitions of these parameters to crypto backend header files.
* kex: return an error if Diffie-Hellman key pair generation fails
* os400: add an ascii assert.h header file
* os400qc3: implement RSA SHA2 256/512
Before this patch, libssh2 sent hardcoded `LIBSSH2_SFTP_ATTRIBUTES`
struct on handle open. This can be problematic on some special OS,
where the file size should be known on new file creation. I added
two new functions to resolve this issue.
Patch-by: @vajdaakos on github via #506
Changes compared to #506:
- drop attr size fixup in favour of #946.
- move `memcpy()` under the state where we need it.
- bump filename length type to `size_t`.
- fix filenames in documentation and other nits.
Closes#506Closes#947
- add missing `.fi` tags.
- fix misplaced `.nf` tags.
- add `.nf`/`.fi` tags `SYNOPSIS` where missing.
- fix missing/wrong function name from `SH NAME`.
- fix wrong function name in `TH`.
- keep return values in a separate line.
- indent.
- fold long lines.
- deleted `libssh2_channel_direct_streamlocal()`, there is no such function.
- add missing types.
- add missing headers.
Closes#949
This patch allow to use direct-streamlocal service from OpenSSH 6.7,
that allows UNIX socket connections.
Mods:
- delete unrelated condition:
Ref: https://github.com/libssh2/libssh2/pull/216#discussion_r374748111
- rebase on master, whitespace updates.
Patch-by: @gjalves Gustavo Junior Alves
Closes#216Closes#632Closes#945
- introduce `src/crypto.c` as an umbrella source that does nothing else
than include the selected crypto backend source. Moving this job from
the built-tool to the C preprocessor.
- this allows dropping the various techniques to pick the correct crypto
backend sources in autotools, CMake and other build method. Including
the per-backend `Makefile.<crypto-backend>.inc` makefiles.
- copy a trick from curl and instead of maintaining duplicate source
lists for CMake, convert the GNU Makefile kept for autotools
automatically. Do this in `docs`, `examples` and `src`.
Ref: dfabe8bca2/CMakeLists.txt (L1399-L1413)
Also fixes missing `libssh2_setup.h` from `src/CMakeFiles.txt` after
59666e03f0.
- move `Makefile.inc` from root to `src`.
- reformat `src/Makefile.inc` to list each source in separate lines,
re-align the continuation character and sort the lists alphabetically.
- update `docs/HACKING-CRYPTO` accordingly.
- autotools: update the way we add crypto-backends to `LIBS`.
- delete old CSV headers, indent, and merge two lines in
`docs/Makefile.am` and `src/Makefile.am`.
- add `libssh2.pc` to `.gitignore`, while there.
Closes#941
This set of changes provides a mechanism to runtime-configure the
previously #define'd timeout for reading packets from a session. The
intention here is to also extend libcurl to be able to use this
interface so that when fetching from sftp servers which are very slow
to return directory listings, connections do not time-out so much.
* Add new field to session to hold configurable read timeout
* Updated `_libssh2_packet_require()`, `_libssh2_packet_requirev()`,
and `sftp_packet_requirev()` to use new field in session structure
* Updated docs for API functions to set/get read timeout field in
session structure
* Updated `libssh2.h` to declare the get/set read timeout functions
Co-authored-by: Jon Axtell <jon.axtell@codethink.co.uk>
Credit: Daniel Silverstone
libssh2 supports an "old" style KEX message
`SSH2_MSG_KEX_DH_GEX_REQUEST_OLD`, as an off-by-default build option.
OpenSSH deprecated/disabled this feature in v6.9 (2015-07-01):
https://www.openssh.com/releasenotes.html#6.9
This patch deletes this obsolete feature from libssh2, with no option
to enable it.
Added to libssh2 in: cf8ca63ea0 (2004-12-31)
RFC: https://datatracker.ietf.org/doc/html/rfc4419 (2006-03)
Apply type changes to avoid casts and warnings. In most cases this
means changing to a larger type, usually `size_t` or `ssize_t`.
Change signedness in a few places.
Also introduce new variables to avoid reusing them for multiple
purposes, to avoid casts and warnings.
- add FIXME for public `libssh2_sftp_readdir_ex()` return type.
- fix `_libssh2_mbedtls_rsa_sha2_verify()` to verify if `sig_len`
is large enough.
- fix `_libssh2_dh_key_pair()` in `wincng.c` to return error if
`group_order` input is negative.
Maybe we should also reject zero?
- bump `_libssh2_random()` size type `int` -> `size_t`. Add checks
for WinCNG and OpenSSL to return error if requested more than they
support (`ULONG_MAX`, `INT_MAX` respectively).
- change `_libssh2_ntohu32()` return value `unsigned int` -> `uint32_t`.
- fix `_libssh2_mbedtls_bignum_random()` to check for a negative `top`
input.
- size down `_libssh2_wincng_key_sha_verify()` `hashlen` to match
Windows'.
- fix `session_disconnect()` to limit length of `lang_len`
(to 256 bytes).
- fix bad syntax in an `assert()`.
- add a few `const` to casts.
- `while(1)` -> `for(;;)`.
- add casts that didn't fit into #876.
- update `docs/HACKING-CRYPTO` with new sizes.
May need review for OS400QC3: /cc @monnerat @jonrumsey
See warning details in the PR's individual commits.
Cherry-picked from #846Closes#879
- `BUILD_SHARED_LIBS=ON` no longer disables building static lib.
When set, we build the static lib with PIC enabled.
For shared lib only, set `BUILD_STATIC_LIBS=OFF`. For static lib
without PIC, leave this option disabled.
- new setting: `BUILD_STATIC_LIBS`. `ON` by default.
Force-enabled when building examples or tests (we build those in
static mode always.)
- fix to exclude Windows Resource from the static lib.
- fix to not overwrite static lib with shared implib on Windows
platforms using identical suffix for them (MSVS). By using
`libssh2_imp<.ext>` implib filename.
- add support for `STATIC_LIB_SUFFIX` setting to set an optional suffix
(e.g. `_static`) for the static lib. (experimental, not documented).
Overrides the above when set.
- fix to set `dllexport` when building shared lib.
- set `TrackFileAccess=false` for MSVS.
For faster builds, shorter verbose logs.
- tests: new test linking against shared libssh2: `test_warmup_shared`
- tests: simplify 'runner' lib by merging 3 libs into a single one.
- tests: drop hack from `test_keyboard_interactive_auth_info_request`
build.
We no longer need to compile `src/misc.c` because we always link
libssh2 statically.
- tests: limit `FIXTURE_WORKDIR=` to the `runner` target.
TL;DR: Default behavior unchanged: static (no-PIC), no shared.
Enabling shared unchanged, but now also builds a static (PIC)
lib by default.
Based-on: b60dca8b64#547 by berney on github
Fixes: #547Fixes: #675Closes: #863
wolfSSL supports building with zlib as a dependency, that's the reason
for the ZLIB logic in the patch.
Also add it to `docs/INSTALL_CMAKE.md` and to the help text in
`src/CMakeLists.txt`.
Running tests not actually tested.
Follow-up to 9f217a17f6
Ref: #817
Many files have been added to the cmake build files but not the automake
ones in recent years. Missing ones have been added so automake "make
dist" will now create a usable tar ball.
The integration tests using Docker are now built with automake as well
(with "make check"). They are not run yet since they aren't working yet
on Linux.
Notes:
In #614 it was identified the docs do not accurately show how libssh2_channel_flush_ex() return value is set. I have updated the doc's to correctly show what the function is returning.
Credit:
Ryan Kelley
File:
version.c, HACKING-CRYPTO, libssh2.h, libssh2_crypto_engine.3, makefile.
Notes:
libssh2_crypto_engine() API to get crypto engine at runtime.
Credit: Bastien Durel
Notes:
* Host Key RSA 256/512 support #536
* Client side key hash upgrading for RFC 8332
* Support for server-sig-algs, ext-info-c server messages
* Customizing preferred server-sig-algs via the preference LIBSSH2_METHOD_SIGN_ALGO
Credit: Anders Borum, Will Cosgrove
Notes:
* Make _libssh2_random return code consistent
Previously, _libssh2_random was advertized in HACKING.CRYPTO as
returning `void` (and was implemented that way in os400qc3.c), but that
was in other crypto backends a lie; _libssh2_random is (a macro
expanding) to an int-value expression or function.
Moreover, that returned code was:
— 0 or success, -1 on error for the MbedTLS & WinCNG crypto backends
But also:
— 1 on success, -1 or 0 on error for the OpenSSL backend!
– 1 on success, error cannot happen for libgcrypt!
This commit makes explicit that _libssh2_random can fail (because most of
the underlying crypto functions can indeed fail!), and it makes its result
code consistent: 0 on success, -1 on error.
This is related to issue #519https://github.com/libssh2/libssh2/issues/519
It fixes the first half of it.
* Don't silent errors of _libssh2_random
Make sure to check the returned code of _libssh2_random(), and
propagates any failure.
A new LIBSSH_ERROR_RANDGEN constant is added to libssh2.h
None of the existing error constants seemed fit.
This commit is related to d74285b684
and to https://github.com/libssh2/libssh2/issues/519 (see the issue
for more info.) It closes#519.
Credit:
Paul Capron
Notes:
The buildconf script is currently required, because we need to copy a
header around, because it is used both from the library and the examples
sources.
However, having a custom 'buildconf'-like script is not needed if we can
ensure that the header exists by the time it is needed. For that, we can
just append the src/ directory to the headers search path for the
examples.
And then it means we no longer need to generate the same header twice,
so we remove the second one from configure.ac.
Now, we can just call "autoreconf -fi" to generate the autotools files,
instead of relying on the canned sequence in "buildconf", since
autoreconf has now long known what to do at the correct moment (future
versions of autotools, automake, autopoint, autoheader etc... may
require an other ordering, or other intermediate steps, etc...).
Eventually, get rid of buildconf now it is no longer needed. In fact, we
really keep it for legacy, but have it just call autoreconf (and print a
nice user-friendly warning). Don't include it in the release tarballs,
though.
Update doc, gitignore, and travis-CI jobs accordingly.
Credit:
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Sam Voss <sam.voss@rockwellcollins.com>
File: INSTALL_CMAKE.md
Notes:
Although the original text would be immediately clear to seasoned users of CMAKE and/or Unix shell, the lack of newlines may cause some confusion for newcomers. Hence, wrapping the texts in a md code-block such that the newlines appear as intended.
credit:
suryakalpo
File: HACKING.CRYPTO
Notes:
This commit updates the HACKING.CRYPTO documentation file in an attempt to make it in sync with current code.
New documented features are:
SHA384
SHA512
ECDSA
ED25519
Credit:
monnerat
