This commit fixes linking against an OpenSSL library that was compiled with
`no-engine` support by bypassing the initialization routines as they won't be
available anyway.
OpenSSH Key and ED25519 support #39
Added _libssh2_explicit_zero() to explicitly zero sensitive data in memory #120
* ED25519 Key file support - Requires OpenSSL 1.1.1 or later
* OpenSSH Key format reading support - Supports RSA/DSA/ECDSA/ED25519 types
* New string buffer reading functions - These add build-in bounds checking and convenance methods. Used for OpenSSL PEM file reading.
* Added new tests for OpenSSH formatted Keys
* tests: Remove if-pyramids
* tests: Switch run_command arguments
* tests: Make run_command a vararg function
* tests: Xcode doesn't obey CMake's test working directory
* openssl: move manual AES-CTR cipher into crypto init
* cmake: Move our include dir before all other include paths
Use checksrc.pl from the curl project, with (for now)
suppressed long line warnings and indentation set to
4 spaces. Fixes are whitespace for the most part.
Warning count went down from 2704 to 12.
Also fix codespell typos, two non-ANSI C89 comments
and a stray tab in include/libssh2.h.
Ref: https://github.com/libssh2/libssh2/pull/235
This is a slightly extended version of this original source
from the curl project:
8b754c430b/lib/checksrc.pl
This version adds the following options to customize it for
libssh2 (plus some whitespace formatting):
`-i<n>` to override indentation spaces (2)
`-m<n>` to override maximum line length (79)
Command-line used to check libssh2 sources:
$ ./checksrc.pl -i4 -m500 *.c *.h
Closes https://github.com/libssh2/libssh2/pull/236
This commit lands full ECDSA key support when using the OpenSSL
backend. Which includes:
New KEX methods:
ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521
Can now read OpenSSL formatted ECDSA key files.
Now supports known host keys of type ecdsa-sha2-nistp256.
New curve types:
NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1
Default host key preferred ordering is now nistp256, nistp384,
nistp521, rsa, dss.
Ref: https://github.com/libssh2/libssh2/issues/41
Closes https://github.com/libssh2/libssh2/pull/206
When trying to decode invalid data, it frees the buffer but doesn't nil it so the caller gets a junk memory pointer which they could potentially double free.
Fixed incorrectly copied memory from p->buf into init instead of from the decrypted buffer block. The only reason this worked was because the crypt() function decrypts the value in-place and overwrites p->buf. I'm working on a fork that no longer does this and exposed this bug.
... while throwing LIBSSH2_ERROR_EAGAIN out of session_startup()
If the session runs in blocking mode, LIBSSH2_ERROR_EAGAIN never reaches
the libssh2 API boundary and, in non-blocking mode, these messages are
suppressed by the condition in _libssh2_error_flags() anyway.
Closes#211
- New `LIBSSH2_DLL_SUFFIX` envvar will add a suffix to the generated
libssh2 dll name. Useful to add `-x64` to 64-bit builds so that
it can live in the same directory as the 32-bit one. By default
this is empty.
- New `LIBSSH2_DLL_A_SUFFIX` envvar to customize the suffix of the
generated import library (implib) for libssh2 .dll. It defaults
to `dll`, and it's useful to modify that to `.dll` to have the
standard naming scheme for mingw-built .dlls, i.e. `libssh2.dll.a`.
Ref: aaa16f8025
Closes https://github.com/libssh2/libssh2/pull/215
Allow to ovverride certain build tools, making it possible to
use LLVM/Clang to build libssh2. The default behavior is unchanged.
To build with clang (as offered by MSYS2), these settings can
be used:
LIBSSH2_CC=clang
LIBSSH2_AR=llvm-ar
LIBSSH2_RANLIB=llvm-ranlib
Also adjust ranlib parameters to be compatible with LLVM/Clang's
ranlib tool.
Closes https://github.com/libssh2/libssh2/pull/214
It breaks SCP download/upload from/to certain server implementations.
The bug does not manifest with OpenSSH, which silently drops the NUL
byte (eventually with any garbage that follows the NUL byte) before
executing it.
Bug: https://bugzilla.redhat.com/1489736
When building with OPENSSL_API_COMPAT=0x10100000L, OpenSSL_add_all_algorithms
and OpenSSL_add_all_ciphers don't exist. The corresponding functionality is
handled automatically with OpenSSL 1.1.
