php-win-ext/libssh2
1
0
Fork 0
mirror of https://github.com/php-win-ext/libssh2.git synced 2026-03-25 01:22:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: php-win-ext:libssh2-1.7.0
Branches Tags
php-win-ext:master php-win-ext:v1.9.0
php-win-ext:libssh2-1.10.0 php-win-ext:libssh2-1.9.0 php-win-ext:libssh2-1.8.2 php-win-ext:libssh2-1.8.1 php-win-ext:libssh2-1.8.0 php-win-ext:libssh2-1.7.0 php-win-ext:libssh2-1.6.0 php-win-ext:libssh2-1.5.0 php-win-ext:libssh2-1.4.3 php-win-ext:libssh2-1.4.2
..
compare: php-win-ext:libssh2-1.8.0
Branches Tags
php-win-ext:v1.9.0 php-win-ext:master
php-win-ext:libssh2-1.10.0 php-win-ext:libssh2-1.9.0 php-win-ext:libssh2-1.8.2 php-win-ext:libssh2-1.8.1 php-win-ext:libssh2-1.8.0 php-win-ext:libssh2-1.7.0 php-win-ext:libssh2-1.6.0 php-win-ext:libssh2-1.5.0 php-win-ext:libssh2-1.4.3 php-win-ext:libssh2-1.4.2

2 Commits
libssh2-1. ... libssh2-1.

Author SHA1 Message Date
Anatol Belski (HvS)
15f0a3a1f0 fix zlib lib names 2016-11-02 16:44:53 +01:00
Anatol Belski
29ad98fd94 upgrade to libssh2-1.8.0 2016-11-02 12:03:13 +01:00
89 changed files with 11366 additions and 5557 deletions
Expand all files Collapse all files

8
CMakeLists.txt
View File

@@ -41,6 +41,14 @@ project(libssh2 C)
set(PROJECT_URL "https://www.libssh2.org/")
set(PROJECT_DESCRIPTION "The SSH library")
if (CMAKE_VERSION VERSION_LESS "3.1")
if (CMAKE_C_COMPILER_ID STREQUAL "GNU")
set (CMAKE_C_FLAGS "--std=gnu90 ${CMAKE_C_FLAGS}")
endif()
else()
set (CMAKE_C_STANDARD 90)
endif()
option(BUILD_SHARED_LIBS "Build Shared Libraries" OFF)
# Parse version

4
Makefile.am
View File

@@ -88,8 +88,8 @@ coverage: init-coverage build-coverage gen-coverage
# DSP/VCPROJ generation adapted from libcurl
# only OpenSSL and WinCNG are supported with this build system
CRYPTO_CSOURCES = openssl.c wincng.c
CRYPTO_HHEADERS = openssl.h wincng.h
CRYPTO_CSOURCES = openssl.c wincng.c mbedtls.c
CRYPTO_HHEADERS = openssl.h wincng.h mbedtls.h
# Makefile.inc provides the CSOURCES and HHEADERS defines
include Makefile.inc

9
Makefile.in
View File

@@ -273,6 +273,7 @@ GREP = @GREP@
HAVE_LIBBCRYPT = @HAVE_LIBBCRYPT@
HAVE_LIBCRYPT32 = @HAVE_LIBCRYPT32@
HAVE_LIBGCRYPT = @HAVE_LIBGCRYPT@
HAVE_LIBMBEDTLS = @HAVE_LIBMBEDTLS@
HAVE_LIBSSL = @HAVE_LIBSSL@
HAVE_LIBZ = @HAVE_LIBZ@
INSTALL = @INSTALL@
@@ -288,6 +289,8 @@ LIBCRYPT32 = @LIBCRYPT32@
LIBCRYPT32_PREFIX = @LIBCRYPT32_PREFIX@
LIBGCRYPT = @LIBGCRYPT@
LIBGCRYPT_PREFIX = @LIBGCRYPT_PREFIX@
LIBMBEDTLS = @LIBMBEDTLS@
LIBMBEDTLS_PREFIX = @LIBMBEDTLS_PREFIX@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBSREQUIRED = @LIBSREQUIRED@
@@ -302,9 +305,11 @@ LN_S = @LN_S@
LTLIBBCRYPT = @LTLIBBCRYPT@
LTLIBCRYPT32 = @LTLIBCRYPT32@
LTLIBGCRYPT = @LTLIBGCRYPT@
LTLIBMBEDTLS = @LTLIBMBEDTLS@
LTLIBOBJS = @LTLIBOBJS@
LTLIBSSL = @LTLIBSSL@
LTLIBZ = @LTLIBZ@
LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
@@ -428,8 +433,8 @@ ACLOCAL_AMFLAGS = -I m4
# DSP/VCPROJ generation adapted from libcurl
# only OpenSSL and WinCNG are supported with this build system
CRYPTO_CSOURCES = openssl.c wincng.c
CRYPTO_HHEADERS = openssl.h wincng.h
CRYPTO_CSOURCES = openssl.c wincng.c mbedtls.c
CRYPTO_HHEADERS = openssl.h wincng.h mbedtls.h
CSOURCES = channel.c comp.c crypt.c hostkey.c kex.c mac.c misc.c \
packet.c publickey.c scp.c session.c sftp.c userauth.c transport.c \
version.c knownhost.c agent.c $(CRYPTO_CSOURCES) pem.c keepalive.c global.c

2
Makefile.mbedTLS.inc Normal file
View File

@@ -0,0 +1,2 @@
CRYPTO_CSOURCES = mbedtls.c
CRYPTO_HHEADERS = mbedtls.h

353
NEWS
View File

@@ -1,5 +1,208 @@
Changelog for the libssh2 project. Generated with git2news.pl
Version 1.8.0 (25 Oct 2016)
Daniel Stenberg (25 Oct 2016)
- RELEASE-NOTES: adjusted for 1.8.0
Kamil Dudka (20 Oct 2016)
- Revert "aes: the init function fails when OpenSSL has AES support"
This partially reverts commit f4f2298ef3635acd031cc2ee0e71026cdcda5864
because it caused the compatibility code to call initialization routines
redundantly, leading to memory leakage with OpenSSL 1.1 and broken curl
test-suite in Fedora:
88 bytes in 1 blocks are definitely lost in loss record 5 of 8
at 0x4C2DB8D: malloc (vg_replace_malloc.c:299)
by 0x72C607D: CRYPTO_zalloc (mem.c:100)
by 0x72A2480: EVP_CIPHER_meth_new (cmeth_lib.c:18)
by 0x4E5A550: make_ctr_evp.isra.0 (openssl.c:407)
by 0x4E5A8E8: _libssh2_init_aes_ctr (openssl.c:471)
by 0x4E5BB5A: libssh2_init (global.c:49)
Daniel Stenberg (19 Oct 2016)
- [Charles Collicutt brought this change]
libssh2_wait_socket: Fix comparison with api_timeout to use milliseconds (#134)
Fixes #74
- [Charles Collicutt brought this change]
Set err_msg on _libssh2_wait_socket errors (#135)
- Revert "travis: Test mbedtls too"
This reverts commit 3e6de50a24815e72ec5597947f1831f6083b7da8.
Travis doesn't seem to support the mbedtls-dev package
- maketgz: support "only" to only update version number locally
and fix the date output locale
- configure: make the --with-* options override the OpenSSL default
... previously it would default to OpenSSL even with the --with-[crypto]
options used unless you specificly disabled OpenSSL. Now, enabling another
backend will automatically disable OpenSSL if the other one is found.
- [Keno Fischer brought this change]
docs: Add documentation on new cmake/configure options
- [Keno Fischer brought this change]
configure: Add support for building with mbedtls
- [wildart brought this change]
travis: Test mbedtls too
- [wildart brought this change]
crypto: add support for the mbedTLS backend
Closes #132
- [wildart brought this change]
cmake: Add CLEAR_MEMORY option, analogously to that for autoconf
- README.md: fix link typo
- README: markdown version to look nicer on github
Viktor Szakats (5 Sep 2016)
- [Taylor Holberton brought this change]
openssl: add OpenSSL 1.1.0 compatibility
Daniel Stenberg (4 Sep 2016)
- [Antenore Gatta brought this change]
tests: HAVE_NETINET_IN_H was not defined correctly (#127)
Fixes #125
- SECURITY: fix web site typo
- SECURITY: security process
GitHub (14 Aug 2016)
- [Alexander Lamaison brought this change]
Basic dockerised test suite.
This introduces a test suite for libssh2. It runs OpenSSH in a Docker
container because that works well on Windows (via docker-machine) as
well as Linux. Presumably it works on Mac too with docker-machine, but
I've not tested that.
Because the test suite is docker-machine aware, you can also run it
against a cloud provider, for more realistic network testing, by setting
your cloud provider as your active docker machine. The Appveyor CI setup
in this commit does that because Appveyor doesn't support docker
locally.
Kamil Dudka (3 Aug 2016)
- [Viktor Szakats brought this change]
misc.c: Delete unused static variables
Closes #114
Daniel Stenberg (9 Apr 2016)
- [Will Cosgrove brought this change]
Merge pull request #103 from willco007/patch-2
Fix for security issue CVE-2016-0787
Alexander Lamaison (2 Apr 2016)
- [Zenju brought this change]
Fix MSVC 14 compilation errors
For _MSC_VER == 1900 these macros are not needed and create problems:
1>C:\Program Files (x86)\Windows Kits\10\Include\10.0.10240.0\ucrt\stdio.h(1925): warning C4005: 'snprintf': macro redefinition (compiling source file libssh2-files\src\mac.c)
1> \win32\libssh2_config.h(27): note: see previous definition of 'snprintf' (compiling source file libssh2-files\src\mac.c)
1>C:\Program Files (x86)\Windows Kits\10\Include\10.0.10240.0\ucrt\stdio.h(1927): fatal error C1189: #error: Macro definition of snprintf conflicts with Standard Library function declaration (compiling source file libssh2-files\src\mac.c)
Daniel Stenberg (26 Mar 2016)
- [Brad Harder brought this change]
_libssh2_channel_open: speeling error fixed in channel error message
Alexander Lamaison (15 Mar 2016)
- Link with crypt32.lib on Windows.
Makes linking with static OpenSSL work again. Although it's not
required for dynamic OpenSSL, it does no harm.
Fixes #98.
- [Craig A. Berry brought this change]
Tweak VMS help file building.
Primarily this is handling cases where top-level files moved into
the docs/ directory. I also corrected a typo and removed the
claim that libssh2 is public domain.
- [Craig A. Berry brought this change]
Build with standard stat structure on VMS.
This gets us large file support, is available on any VMS release
in the last decade and more, and gives stat other modern features
such as 64-bit ino_t.
- [Craig A. Berry brought this change]
Update vms/libssh2_config.h.
VMS does have stdlib.h, gettimeofday(), and OpenSSL. The latter
is appropriate to hard-wire in the configuration because it's
installed by default as part of the base operating system and
there is currently no libgcrypt port.
- [Craig A. Berry brought this change]
VMS can't use %zd for off_t format.
%z is a C99-ism that VMS doesn't currently have; even though the
compiler is C99-compliant, the library isn't quite. The off_t used
for the st_size element of the stat can be 32-bit or 64-bit, so
detect what we've got and pick a format accordingly.
- [Craig A. Berry brought this change]
Normalize line endings in libssh2_sftp_get_channel.3.
Somehow it got Windows-style CRLF endings so convert to just LF,
for consistency as well as not to confuse tools that will regard
the \r as content (e.g. the OpenVMS help librarian).
Dan Fandrich (29 Feb 2016)
- libgcrypt: Fixed a NULL pointer dereference on OOM
Daniel Stenberg (24 Feb 2016)
- [Viktor Szakats brought this change]
url updates, HTTP => HTTPS
Closes #87
Dan Fandrich (23 Feb 2016)
- RELEASE-NOTES: removed some duplicated names
Version 1.7.0 (23 Feb 2016)
Daniel Stenberg (23 Feb 2016)
@@ -807,7 +1010,7 @@ Alexander Lamaison (13 Mar 2015)
- Without zlib
Conflicts:
README
README
- Man man syntax tests fail gracefully if man version is not suitable.
@@ -882,18 +1085,18 @@ Guenter Knauf (8 Jan 2015)
Marc Hoersken (29 Dec 2014)
- knownhost.c: fix use of uninitialized argument variable wrote
Detected by clang scan in line 1195, column 18.
Detected by clang scan in line 1195, column 18.
- examples/x11.c: fix result of operation is garbage or undefined
Fix use of uninitialized structure w_size_bck.
Detected by clang scan in line 386, column 28.
Detected by clang scan in line 386, column 28.
- examples/x11.c: remove dead assigments of some return values
Detected by clang scan in line 212, column 9.
Detected by clang scan in line 222, column 13.
Detected by clang scan in line 410, column 13.
Detected by clang scan in line 410, column 13.
- examples/x11.c: fix possible memory leak if read fails
@@ -5286,145 +5489,3 @@ Simon Josefsson (16 Nov 2009)
in <http://thread.gmane.org/gmane.network.ssh.libssh2.devel/2530>.
- add copyright line
- support arcfour128 cipher per RFC 4345
Daniel Stenberg (21 Oct 2009)
- [Cristian Rodríguez brought this change]
add support for GCC visibility features
Simon Josefsson (19 Oct 2009)
- less hard coding of cipher mode in libgcrypt backend
Daniel Stenberg (18 Oct 2009)
- [Juzna brought this change]
libssh2_channel_forward_accept() and listening fixes
The forward accepting was not done right before, and the
packet_queue_listener function didn't assign a necessary
variable. All fixed by Juzna. I (Daniel) modified the
forward_accept() change somewhat.
- added man page for libssh2_knownhost_free
- more CVS => DEV conversions
- remove references to "CVS"
- we are on the 1.2.2 track nowadays
Peter Stuge (17 Oct 2009)
- Ensure that win32/libssh2.dsp will be generated with CRLF line endings
First, win32/msvcproj.{head,foot} are now committed with CRLF line endings,
and .gitattributes specifies that these should not be changed on checkout or
commit. These are win32 files so it makes sense to store them with native
line endings.
Second, the rules for generating libssh2.dsp and libssh2.vcproj are changed
so that the full file contents passes through awk, which strips all CR and
then prints each line with one CRLF line ending. Stripping CR is important
to avoid CRCRLF in case the input already comes with CRLF.
Dan Fandrich (29 Sep 2009)
- Make sure permissions on the private host key file is tight enough that
sshd doesn't complain. Quote $srcdir to try to cope with embedded spaces.
Peter Stuge (30 Sep 2009)
- Clarify the scp_write examples slightly and use an octal mask for the mode
Version 1.2.1 (29 Sep 2009)
Daniel Stenberg (29 Sep 2009)
- 1.2.1 preparations
- remove ChangeLog and win32/libssh2.dsp only at make distclean
Simon Josefsson (23 Sep 2009)
- Fix shell usage.
Daniel Stenberg (22 Sep 2009)
- clarify that the paths are the remote ones
- let hpux systems build with _REENTRANT defined as well
- updated to match reality
I went over the commit log and added what I believe is all notable
changes and bugfixes since the 1.2 release
Peter Stuge (20 Sep 2009)
- Fix scp examples to loop correctly over libssh2_channel_write()
- Fix transport layer bug causing invalid -39 (LIBSSH2_ERROR_BAD_USE) errors
The channel layer sends packets using the transport layer, possibly
calling _libssh2_transport_write() many times for each packet.
The transport layer uses the send_existing() helper to send out any
remaining parts of previous packets before a new packet is started.
The bug made send_existing() consider the entire packet sent as soon as it
successfully sent the second part of a packet, even if the packet was not
completely done yet.
Daniel Stenberg (19 Sep 2009)
- [Neil Gierman brought this change]
Added gettimeofday() function for win32
Neil Gierman's patch adds a gettimeofday() function for win32
for the libssh2_trace() functionality. The code originates from
cygwin and was put in the public domain by the author
Danny Smith <dannysmith@users.sourceforge.net>
- libssh2_channel_read_ex() must return 0 when closed
If the channel is already at EOF or even closed at the end of the
libssh2_channel_read_ex() function and there's no data to return,
we need to signal that back. We may have gotten that info while
draining the incoming transport layer until EAGAIN so we must not
be fooled by that return code.
Dan Fandrich (16 Sep 2009)
- Ignore tags file
- Some platforms need sys/socket.h included before netinet/in.h.
Fixed an unused variable compiler warning.
Daniel Stenberg (16 Sep 2009)
- libssh2_channel_wait_closed() could hang
libssh2_channel_wait_closed() had a bad loop waiting for the
channel to close, as it could easily miss the info and then if
the socket would be silent from that moment the funtion would
hang if in blocking-mode or just return EAGAIN wrongly to the
app. The drain-transport loop now correctly checks if the close
has arrived.
- make libssh2_scp_send/recv do blocking mode correctly
Somehow I had completely missed to make the libssh2_scp_send/recv
functions support the blocking mode the correct way so when I
cleaned up things the other day blocking mode broke for them...
Fixed now.
Guenter Knauf (8 Sep 2009)
- changed NetWare test makefile static link order
- removed conditional sources from Makefile.inc
added ifdef blocks to libgcrypt.c, pem.c, openssl.c
Simon Josefsson (7 Sep 2009)
- Fix compilation errors.
Guenter Knauf (6 Sep 2009)
- some more NetWare build fixes.
- some more NetWare makefile fixes.
- added sys/select.h include to samples for fd_set on NetWare.
- accept CFLAGS from environment.

4
README
View File

@@ -4,9 +4,9 @@ libssh2 - SSH2 library
libssh2 is a library implementing the SSH2 protocol, available under
the revised BSD license.
Web site: http://www.libssh2.org/
Web site: https://www.libssh2.org/
Mailing list: http://cool.haxx.se/mailman/listinfo/libssh2-devel
Mailing list: https://cool.haxx.se/mailman/listinfo/libssh2-devel
License: see COPYING

63
RELEASE-NOTES
View File

@@ -1,56 +1,31 @@
libssh2 1.7.0
libssh2 1.8.0
This release includes the following changes:
o libssh2_session_set_last_error: Add function
o mac: Add support for HMAC-SHA-256 and HMAC-SHA-512
o WinCNG: support for SHA256/512 HMAC
o kex: Added diffie-hellman-group-exchange-sha256 support
o OS/400 crypto library QC3 support
This release includes the following security advisory:
o diffie_hellman_sha256: convert bytes to bits
CVE-2016-0787: http://www.libssh2.org/adv_20160223.html
o added a basic dockerised test suite
o crypto: add support for the mbedTLS backend
This release includes the following bugfixes:
o SFTP: Increase speed and datasize in SFTP read
o openssl: make libssh2_sha1 return error code
o openssl: fix memleak in _libssh2_dsa_sha1_verify()
o cmake: include CMake files in the release tarballs
o Fix builds with Visual Studio 2015
o hostkey.c: Fix compiling error when OPENSSL_NO_MD5 is defined
o GNUmakefile: add support for LIBSSH2_LDFLAG_EXTRAS
o GNUmakefile: add -m64 CFLAGS when targeting mingw64
o kex: free server host key before allocating it (again)
o SCP: add libssh2_scp_recv2 to support large (> 2GB) files on windows
o channel: Detect bad usage of libssh2_channel_process_startup
o userauth: Fix off by one error when reading public key file
o kex: removed dupe entry from libssh2_kex_methods
o _libssh2_error: Support allocating the error message
o hostkey: fix invalid memory access if libssh2_dsa_new fails
o hostkey: align code path of ssh_rsa_init to ssh_dss_init
o libssh2.pc.in: fix the output of pkg-config --libs
o wincng: fixed possible memory leak in _libssh2_wincng_hash
o wincng: fixed _libssh2_wincng_hash_final return value
o add OpenSSL 1.1.0-pre2 compatibility
o agent_disconnect_unix: unset the agent fd after closing it
o sftp: stop reading when buffer is full
o sftp: Send at least one read request before reading
o sftp: Don't return EAGAIN if data was written to buffer
o sftp: Check read packet file offset
o configure: build "silent" if possible
o openssl: add OpenSSL 1.1.0-pre3-dev compatibility
o GNUmakefile: list system libs after user libs
o libgcrypt: fixed a NULL pointer dereference on OOM
o VMS: can't use %zd for off_t format
o VMS: update vms/libssh2_config.h
o windows: link with crypt32.lib
o libssh2_channel_open: speeling error fixed in channel error message
o msvc: fixed 14 compilation warnings
o tests: HAVE_NETINET_IN_H was not defined correctly
o openssl: add OpenSSL 1.1.0 compatibility
o cmake: Add CLEAR_MEMORY option, analogously to that for autoconf
o configure: make the --with-* options override the OpenSSL default
o libssh2_wait_socket: set err_msg on errors
o libssh2_wait_socket: Fix comparison with api_timeout to use milliseconds
This release would not have looked like this without help, code, reports and
advice from friends like these:
Alexander Lamaison, Andreas Schneider, brian m. carlson, Daniel Stenberg,
David Byron, Jakob Egger, Kamil Dudka, Marc Hoersken, Mizunashi Mana,
Patrick Monnerat, Paul Howarth, Salvador Fandino, Salvador Fandiño,
Salvador Fandiño, Viktor Szakats, Will Cosgrove,
(16 contributors)
Alexander Lamaison, Antenore Gatta, Brad Harder, Charles Collicutt,
Craig A. Berry, Dan Fandrich, Daniel Stenberg, Kamil Dudka, Keno Fischer,
Taylor Holberton, Viktor Szakats, Will Cosgrove, Zenju
(12 contributors)
Thanks! (and sorry if I forgot to mention someone)

83
acinclude.m4
View File

@@ -382,3 +382,86 @@ AC_DEFUN([CURL_CONFIGURE_REENTRANT], [
#
])
AC_DEFUN([LIBSSH2_CHECKFOR_MBEDTLS], [
old_LDFLAGS=$LDFLAGS
old_CFLAGS=$CFLAGS
if test -n "$use_mbedtls" && test "$use_mbedtls" != "no"; then
LDFLAGS="$LDFLAGS -L$use_mbedtls/lib"
CFLAGS="$CFLAGS -I$use_mbedtls/include"
fi
AC_LIB_HAVE_LINKFLAGS([mbedtls], [], [
#include <mbedtls/version.h>
])
if test "$ac_cv_libmbedtls" = "yes"; then
AC_DEFINE(LIBSSH2_MBEDTLS, 1, [Use mbedtls])
LIBSREQUIRED= # mbedtls doesn't provide a .pc file
LIBS="$LIBS -lmbedtls -lmbedcrypto"
found_crypto=libmbedtls
support_clear_memory=yes
else
# restore
LDFLAGS=$old_LDFLAGS
CFLAGS=$old_CFLAGS
fi
])
AC_DEFUN([LIBSSH2_CHECKFOR_GCRYPT], [
old_LDFLAGS=$LDFLAGS
old_CFLAGS=$CFLAGS
if test -n "$use_libgcrypt" && test "$use_libgcrypt" != "no"; then
LDFLAGS="$LDFLAGS -L$use_libgcrypt/lib"
CFLAGS="$CFLAGS -I$use_libgcrypt/include"
fi
AC_LIB_HAVE_LINKFLAGS([gcrypt], [], [
#include <gcrypt.h>
])
if test "$ac_cv_libgcrypt" = "yes"; then
AC_DEFINE(LIBSSH2_LIBGCRYPT, 1, [Use libgcrypt])
LIBSREQUIRED= # libgcrypt doesn't provide a .pc file. sad face.
LIBS="$LIBS -lgcrypt"
found_crypto=libgcrypt
else
# restore
LDFLAGS=$old_LDFLAGS
CFLAGS=$old_CFLAGS
fi
])
AC_DEFUN([LIBSSH2_CHECKFOR_WINCNG], [
# Look for Windows Cryptography API: Next Generation
AC_LIB_HAVE_LINKFLAGS([bcrypt], [], [
#include <windows.h>
#include <bcrypt.h>
])
AC_LIB_HAVE_LINKFLAGS([crypt32], [], [
#include <windows.h>
#include <wincrypt.h>
])
AC_CHECK_HEADERS([ntdef.h ntstatus.h], [], [], [
#include <windows.h>
])
AC_CHECK_DECLS([SecureZeroMemory], [], [], [
#include <windows.h>
])
if test "$ac_cv_libbcrypt" = "yes"; then
AC_DEFINE(LIBSSH2_WINCNG, 1, [Use Windows CNG])
LIBSREQUIRED= # wincng doesn't provide a .pc file. sad face.
LIBS="$LIBS -lbcrypt"
if test "$ac_cv_libcrypt32" = "yes"; then
LIBS="$LIBS -lcrypt32"
fi
found_crypto="Windows Cryptography API: Next Generation"
if test "$ac_cv_have_decl_SecureZeroMemory" = "yes"; then
support_clear_memory=yes
fi
fi
])

64
cmake/FindmbedTLS.cmake Normal file
View File

@@ -0,0 +1,64 @@
# - Try to find mbedTLS
# Once done this will define
#
# Read-Only variables
# MBEDTLS_FOUND - system has mbedTLS
# MBEDTLS_INCLUDE_DIR - the mbedTLS include directory
# MBEDTLS_LIBRARY_DIR - the mbedTLS library directory
# MBEDTLS_LIBRARIES - Link these to use mbedTLS
# MBEDTLS_LIBRARY - path to mbedTLS library
# MBEDX509_LIBRARY - path to mbedTLS X.509 library
# MBEDCRYPTO_LIBRARY - path to mbedTLS Crypto library
FIND_PATH(MBEDTLS_INCLUDE_DIR mbedtls/version.h)
IF(MBEDTLS_INCLUDE_DIR AND MBEDTLS_LIBRARIES)
# Already in cache, be silent
SET(MBEDTLS_FIND_QUIETLY TRUE)
ENDIF()
FIND_LIBRARY(MBEDTLS_LIBRARY NAMES mbedtls libmbedtls libmbedx509)
FIND_LIBRARY(MBEDX509_LIBRARY NAMES mbedx509 libmbedx509)
FIND_LIBRARY(MBEDCRYPTO_LIBRARY NAMES mbedcrypto libmbedcrypto)
IF(MBEDTLS_INCLUDE_DIR AND MBEDTLS_LIBRARY AND MBEDX509_LIBRARY AND MBEDCRYPTO_LIBRARY)
SET(MBEDTLS_FOUND TRUE)
ENDIF()
IF(MBEDTLS_FOUND)
# split mbedTLS into -L and -l linker options, so we can set them for pkg-config
GET_FILENAME_COMPONENT(MBEDTLS_LIBRARY_DIR ${MBEDTLS_LIBRARY} PATH)
GET_FILENAME_COMPONENT(MBEDTLS_LIBRARY_FILE ${MBEDTLS_LIBRARY} NAME_WE)
GET_FILENAME_COMPONENT(MBEDX509_LIBRARY_FILE ${MBEDX509_LIBRARY} NAME_WE)
GET_FILENAME_COMPONENT(MBEDCRYPTO_LIBRARY_FILE ${MBEDCRYPTO_LIBRARY} NAME_WE)
STRING(REGEX REPLACE "^lib" "" MBEDTLS_LIBRARY_FILE ${MBEDTLS_LIBRARY_FILE})
STRING(REGEX REPLACE "^lib" "" MBEDX509_LIBRARY_FILE ${MBEDX509_LIBRARY_FILE})
STRING(REGEX REPLACE "^lib" "" MBEDCRYPTO_LIBRARY_FILE ${MBEDCRYPTO_LIBRARY_FILE})
SET(MBEDTLS_LIBRARIES "-L${MBEDTLS_LIBRARY_DIR} -l${MBEDTLS_LIBRARY_FILE} -l${MBEDX509_LIBRARY_FILE} -l${MBEDCRYPTO_LIBRARY_FILE}")
IF(NOT MBEDTLS_FIND_QUIETLY)
MESSAGE(STATUS "Found mbedTLS:")
FILE(READ ${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h MBEDTLSCONTENT)
STRING(REGEX MATCH "MBEDTLS_VERSION_STRING +\"[0-9|.]+\"" MBEDTLSMATCH ${MBEDTLSCONTENT})
IF (MBEDTLSMATCH)
STRING(REGEX REPLACE "MBEDTLS_VERSION_STRING +\"([0-9|.]+)\"" "\\1" MBEDTLS_VERSION ${MBEDTLSMATCH})
MESSAGE(STATUS " version ${MBEDTLS_VERSION}")
ENDIF(MBEDTLSMATCH)
MESSAGE(STATUS " TLS: ${MBEDTLS_LIBRARY}")
MESSAGE(STATUS " X509: ${MBEDX509_LIBRARY}")
MESSAGE(STATUS " Crypto: ${MBEDCRYPTO_LIBRARY}")
ENDIF(NOT MBEDTLS_FIND_QUIETLY)
ELSE(MBEDTLS_FOUND)
IF(MBEDTLS_FIND_REQUIRED)
MESSAGE(FATAL_ERROR "Could not find mbedTLS")
ENDIF(MBEDTLS_FIND_REQUIRED)
ENDIF(MBEDTLS_FOUND)
MARK_AS_ADVANCED(
MBEDTLS_INCLUDE_DIR
MBEDTLS_LIBRARY_DIR
MBEDTLS_LIBRARIES
MBEDTLS_LIBRARY
MBEDX509_LIBRARY
MBEDCRYPTO_LIBRARY
)

2
compile
View File

@@ -3,7 +3,7 @@
scriptversion=2012-10-14.11; # UTC
# Copyright (C) 1999-2013 Free Software Foundation, Inc.
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
# Written by Tom Tromey <tromey@cygnus.com>.
#
# This program is free software; you can redistribute it and/or modify

3902
configure vendored
View File

File diff suppressed because it is too large Load Diff

64
configure.ac
View File

@@ -83,21 +83,32 @@ AC_C_BIGENDIAN
dnl check for how to do large files
AC_SYS_LARGEFILE
found_crypto=none
# Configure parameters
AC_ARG_WITH(openssl,
AC_HELP_STRING([--with-openssl],[Use OpenSSL for crypto]),
use_openssl=$withval,use_openssl=auto)
AC_ARG_WITH(libgcrypt,
AC_HELP_STRING([--with-libgcrypt],[Use libgcrypt for crypto]),
use_libgcrypt=$withval,use_libgcrypt=auto)
[ use_libgcrypt=$withval
LIBSSH2_CHECKFOR_GCRYPT
], use_libgcrypt=auto)
AC_ARG_WITH(wincng,
AC_HELP_STRING([--with-wincng],[Use Windows CNG for crypto]),
use_wincng=$withval,use_wincng=auto)
[ use_wincng=$withval
LIBSSH2_CHECKFOR_WINCNG
] ,use_wincng=auto)
AC_ARG_WITH([mbedtls],
AC_HELP_STRING([--with-mbedtls],[Use mbedTLS for crypto]),
[ use_mbedtls=$withval
LIBSSH2_CHECKFOR_MBEDTLS
], use_mbedtls=auto
)
AC_ARG_WITH(libz,
AC_HELP_STRING([--with-libz],[Use zlib for compression]),
use_libz=$withval,use_libz=auto)
found_crypto=none
support_clear_memory=no
# Look for OpenSSL
@@ -116,51 +127,11 @@ if test "$ac_cv_libssl" = "yes"; then
found_crypto="OpenSSL (AES-CTR: ${ac_cv_func_EVP_aes_128_ctr:-N/A})"
fi
AM_CONDITIONAL(OPENSSL, test "$ac_cv_libssl" = "yes")
# Look for libgcrypt
if test "$found_crypto" = "none" && test "$use_libgcrypt" != "no"; then
AC_LIB_HAVE_LINKFLAGS([gcrypt], [], [#include <gcrypt.h>])
fi
if test "$ac_cv_libgcrypt" = "yes"; then
AC_DEFINE(LIBSSH2_LIBGCRYPT, 1, [Use libgcrypt])
LIBSREQUIRED= # libgcrypt doesn't provide a .pc file. sad face.
LIBS="$LIBS -lgcrypt"
found_crypto=libgcrypt
fi
AM_CONDITIONAL(LIBGCRYPT, test "$ac_cv_libgcrypt" = "yes")
# Look for Windows Cryptography API: Next Generation
if test "$found_crypto" = "none" && test "$use_wincng" != "no"; then
AC_LIB_HAVE_LINKFLAGS([bcrypt], [], [
#include <windows.h>
#include <bcrypt.h>
])
AC_LIB_HAVE_LINKFLAGS([crypt32], [], [
#include <windows.h>
#include <wincrypt.h>
])
AC_CHECK_HEADERS([ntdef.h ntstatus.h], [], [], [
#include <windows.h>
])
AC_CHECK_DECLS([SecureZeroMemory], [], [], [
#include <windows.h>
])
fi
if test "$ac_cv_libbcrypt" = "yes"; then
AC_DEFINE(LIBSSH2_WINCNG, 1, [Use Windows CNG])
LIBSREQUIRED= # wincng doesn't provide a .pc file. sad face.
LIBS="$LIBS -lbcrypt"
if test "$ac_cv_libcrypt32" = "yes"; then
LIBS="$LIBS -lcrypt32"
fi
found_crypto="Windows Cryptography API: Next Generation"
if test "$ac_cv_have_decl_SecureZeroMemory" = "yes"; then
support_clear_memory=yes
fi
fi
AM_CONDITIONAL(WINCNG, test "$ac_cv_libbcrypt" = "yes")
AM_CONDITIONAL(LIBGCRYPT, test "$ac_cv_libgcrypt" = "yes")
AM_CONDITIONAL(MBEDTLS, test "$ac_cv_libmbedtls" = "yes")
AM_CONDITIONAL(OS400QC3, false)
# Check if crypto library was found
@@ -168,6 +139,7 @@ if test "$found_crypto" = "none"; then
AC_MSG_ERROR([No crypto library found!
Try --with-libssl-prefix=PATH
or --with-libgcrypt-prefix=PATH
or --with-libmbedtls-prefix=PATH
or --with-wincng on Windows\
])
fi

633
depcomp
View File

@@ -1,9 +1,9 @@
#! /bin/sh
# depcomp - compile a program generating dependencies as side-effects
scriptversion=2005-07-09.11
scriptversion=2013-05-30.07; # UTC
# Copyright (C) 1999, 2000, 2003, 2004, 2005 Free Software Foundation, Inc.
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -16,9 +16,7 @@ scriptversion=2005-07-09.11
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301, USA.
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
@@ -29,9 +27,9 @@ scriptversion=2005-07-09.11
case $1 in
'')
echo "$0: No command. Try \`$0 --help' for more information." 1>&2
exit 1;
;;
echo "$0: No command. Try '$0 --help' for more information." 1>&2
exit 1;
;;
-h | --h*)
cat <<\EOF
Usage: depcomp [--help] [--version] PROGRAM [ARGS]
@@ -41,11 +39,11 @@ as side-effects.
Environment variables:
depmode Dependency tracking mode.
source Source file read by `PROGRAMS ARGS'.
object Object file output by `PROGRAMS ARGS'.
source Source file read by 'PROGRAMS ARGS'.
object Object file output by 'PROGRAMS ARGS'.
DEPDIR directory where to store dependencies.
depfile Dependency file to output.
tmpdepfile Temporary file to use when outputing dependencies.
tmpdepfile Temporary file to use when outputting dependencies.
libtool Whether libtool is used (yes/no).
Report bugs to <bug-automake@gnu.org>.
@@ -58,6 +56,66 @@ EOF
;;
esac
# Get the directory component of the given path, and save it in the
# global variables '$dir'. Note that this directory component will
# be either empty or ending with a '/' character. This is deliberate.
set_dir_from ()
{
case $1 in
*/*) dir=`echo "$1" | sed -e 's|/[^/]*$|/|'`;;
*) dir=;;
esac
}
# Get the suffix-stripped basename of the given path, and save it the
# global variable '$base'.
set_base_from ()
{
base=`echo "$1" | sed -e 's|^.*/||' -e 's/\.[^.]*$//'`
}
# If no dependency file was actually created by the compiler invocation,
# we still have to create a dummy depfile, to avoid errors with the
# Makefile "include basename.Plo" scheme.
make_dummy_depfile ()
{
echo "#dummy" > "$depfile"
}
# Factor out some common post-processing of the generated depfile.
# Requires the auxiliary global variable '$tmpdepfile' to be set.
aix_post_process_depfile ()
{
# If the compiler actually managed to produce a dependency file,
# post-process it.
if test -f "$tmpdepfile"; then
# Each line is of the form 'foo.o: dependency.h'.
# Do two passes, one to just change these to
# $object: dependency.h
# and one to simply output
# dependency.h:
# which is needed to avoid the deleted-header problem.
{ sed -e "s,^.*\.[$lower]*:,$object:," < "$tmpdepfile"
sed -e "s,^.*\.[$lower]*:[$tab ]*,," -e 's,$,:,' < "$tmpdepfile"
} > "$depfile"
rm -f "$tmpdepfile"
else
make_dummy_depfile
fi
}
# A tabulation character.
tab=' '
# A newline character.
nl='
'
# Character ranges might be problematic outside the C locale.
# These definitions help.
upper=ABCDEFGHIJKLMNOPQRSTUVWXYZ
lower=abcdefghijklmnopqrstuvwxyz
digits=0123456789
alpha=${upper}${lower}
if test -z "$depmode" || test -z "$source" || test -z "$object"; then
echo "depcomp: Variables source, object and depmode must be set" 1>&2
exit 1
@@ -70,6 +128,9 @@ tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`}
rm -f "$tmpdepfile"
# Avoid interferences from the environment.
gccflag= dashmflag=
# Some modes work just like other modes, but use different flags. We
# parameterize here, but still list the modes in the big case below,
# to make depend.m4 easier to write. Note that we *cannot* use a case
@@ -81,9 +142,32 @@ if test "$depmode" = hp; then
fi
if test "$depmode" = dashXmstdout; then
# This is just like dashmstdout with a different argument.
dashmflag=-xM
depmode=dashmstdout
# This is just like dashmstdout with a different argument.
dashmflag=-xM
depmode=dashmstdout
fi
cygpath_u="cygpath -u -f -"
if test "$depmode" = msvcmsys; then
# This is just like msvisualcpp but w/o cygpath translation.
# Just convert the backslash-escaped backslashes to single forward
# slashes to satisfy depend.m4
cygpath_u='sed s,\\\\,/,g'
depmode=msvisualcpp
fi
if test "$depmode" = msvc7msys; then
# This is just like msvc7 but w/o cygpath translation.
# Just convert the backslash-escaped backslashes to single forward
# slashes to satisfy depend.m4
cygpath_u='sed s,\\\\,/,g'
depmode=msvc7
fi
if test "$depmode" = xlc; then
# IBM C/C++ Compilers xlc/xlC can output gcc-like dependency information.
gccflag=-qmakedep=gcc,-MF
depmode=gcc
fi
case "$depmode" in
@@ -91,10 +175,22 @@ gcc3)
## gcc 3 implements dependency tracking that does exactly what
## we want. Yay! Note: for some reason libtool 1.4 doesn't like
## it if -MD -MP comes after the -MF stuff. Hmm.
"$@" -MT "$object" -MD -MP -MF "$tmpdepfile"
## Unfortunately, FreeBSD c89 acceptance of flags depends upon
## the command line argument order; so add the flags where they
## appear in depend2.am. Note that the slowdown incurred here
## affects only configure: in makefiles, %FASTDEP% shortcuts this.
for arg
do
case $arg in
-c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;;
*) set fnord "$@" "$arg" ;;
esac
shift # fnord
shift # $arg
done
"$@"
stat=$?
if test $stat -eq 0; then :
else
if test $stat -ne 0; then
rm -f "$tmpdepfile"
exit $stat
fi
@@ -102,13 +198,17 @@ gcc3)
;;
gcc)
## Note that this doesn't just cater to obsosete pre-3.x GCC compilers.
## but also to in-use compilers like IMB xlc/xlC and the HP C compiler.
## (see the conditional assignment to $gccflag above).
## There are various ways to get dependency output from gcc. Here's
## why we pick this rather obscure method:
## - Don't want to use -MD because we'd like the dependencies to end
## up in a subdir. Having to rename by hand is ugly.
## (We might end up doing this anyway to support other compilers.)
## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like
## -MM, not -M (despite what the docs say).
## -MM, not -M (despite what the docs say). Also, it might not be
## supported by the other compilers which use the 'gcc' depmode.
## - Using -M directly means running the compiler twice (even worse
## than renaming).
if test -z "$gccflag"; then
@@ -116,31 +216,31 @@ gcc)
fi
"$@" -Wp,"$gccflag$tmpdepfile"
stat=$?
if test $stat -eq 0; then :
else
if test $stat -ne 0; then
rm -f "$tmpdepfile"
exit $stat
fi
rm -f "$depfile"
echo "$object : \\" > "$depfile"
alpha=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
## The second -e expression handles DOS-style file names with drive letters.
# The second -e expression handles DOS-style file names with drive
# letters.
sed -e 's/^[^:]*: / /' \
-e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile"
## This next piece of magic avoids the `deleted header file' problem.
## This next piece of magic avoids the "deleted header file" problem.
## The problem is that when a header file which appears in a .P file
## is deleted, the dependency causes make to die (because there is
## typically no way to rebuild the header). We avoid this by adding
## dummy dependencies for each header file. Too bad gcc doesn't do
## this for us directly.
tr ' ' '
' < "$tmpdepfile" |
## Some versions of gcc put a space before the `:'. On the theory
## Some versions of gcc put a space before the ':'. On the theory
## that the space means something, we add a space to the output as
## well.
## well. hp depmode also adds that space, but also prefixes the VPATH
## to the object. Take care to not repeat it in the output.
## Some versions of the HPUX 10.20 sed can't process this invocation
## correctly. Breaking it into two sed invocations is a workaround.
sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
tr ' ' "$nl" < "$tmpdepfile" \
| sed -e 's/^\\$//' -e '/^$/d' -e "s|.*$object$||" -e '/:$/d' \
| sed -e 's/$/ :/' >> "$depfile"
rm -f "$tmpdepfile"
;;
@@ -158,8 +258,7 @@ sgi)
"$@" -MDupdate "$tmpdepfile"
fi
stat=$?
if test $stat -eq 0; then :
else
if test $stat -ne 0; then
rm -f "$tmpdepfile"
exit $stat
fi
@@ -167,99 +266,156 @@ sgi)
if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files
echo "$object : \\" > "$depfile"
# Clip off the initial element (the dependent). Don't try to be
# clever and replace this with sed code, as IRIX sed won't handle
# lines with more than a fixed number of characters (4096 in
# IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines;
# the IRIX cc adds comments like `#:fec' to the end of the
# the IRIX cc adds comments like '#:fec' to the end of the
# dependency line.
tr ' ' '
' < "$tmpdepfile" \
| sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \
tr '
' ' ' >> $depfile
echo >> $depfile
tr ' ' "$nl" < "$tmpdepfile" \
| sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' \
| tr "$nl" ' ' >> "$depfile"
echo >> "$depfile"
# The second pass generates a dummy entry for each header file.
tr ' ' '
' < "$tmpdepfile" \
| sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \
>> $depfile
tr ' ' "$nl" < "$tmpdepfile" \
| sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \
>> "$depfile"
else
# The sourcefile does not contain any dependencies, so just
# store a dummy comment line, to avoid errors with the Makefile
# "include basename.Plo" scheme.
echo "#dummy" > "$depfile"
make_dummy_depfile
fi
rm -f "$tmpdepfile"
;;
xlc)
# This case exists only to let depend.m4 do its work. It works by
# looking at the text of this script. This case will never be run,
# since it is checked for above.
exit 1
;;
aix)
# The C for AIX Compiler uses -M and outputs the dependencies
# in a .u file. In older versions, this file always lives in the
# current directory. Also, the AIX compiler puts `$object:' at the
# current directory. Also, the AIX compiler puts '$object:' at the
# start of each line; $object doesn't have directory information.
# Version 6 uses the directory in both cases.
stripped=`echo "$object" | sed 's/\(.*\)\..*$/\1/'`
tmpdepfile="$stripped.u"
set_dir_from "$object"
set_base_from "$object"
if test "$libtool" = yes; then
tmpdepfile1=$dir$base.u
tmpdepfile2=$base.u
tmpdepfile3=$dir.libs/$base.u
"$@" -Wc,-M
else
tmpdepfile1=$dir$base.u
tmpdepfile2=$dir$base.u
tmpdepfile3=$dir$base.u
"$@" -M
fi
stat=$?
if test -f "$tmpdepfile"; then :
else
stripped=`echo "$stripped" | sed 's,^.*/,,'`
tmpdepfile="$stripped.u"
fi
if test $stat -eq 0; then :
else
rm -f "$tmpdepfile"
if test $stat -ne 0; then
rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
exit $stat
fi
if test -f "$tmpdepfile"; then
outname="$stripped.o"
# Each line is of the form `foo.o: dependent.h'.
# Do two passes, one to just change these to
# `$object: dependent.h' and one to simply `dependent.h:'.
sed -e "s,^$outname:,$object :," < "$tmpdepfile" > "$depfile"
sed -e "s,^$outname: \(.*\)$,\1:," < "$tmpdepfile" >> "$depfile"
else
# The sourcefile does not contain any dependencies, so just
# store a dummy comment line, to avoid errors with the Makefile
# "include basename.Plo" scheme.
echo "#dummy" > "$depfile"
for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
do
test -f "$tmpdepfile" && break
done
aix_post_process_depfile
;;
tcc)
# tcc (Tiny C Compiler) understand '-MD -MF file' since version 0.9.26
# FIXME: That version still under development at the moment of writing.
# Make that this statement remains true also for stable, released
# versions.
# It will wrap lines (doesn't matter whether long or short) with a
# trailing '\', as in:
#
# foo.o : \
# foo.c \
# foo.h \
#
# It will put a trailing '\' even on the last line, and will use leading
# spaces rather than leading tabs (at least since its commit 0394caf7
# "Emit spaces for -MD").
"$@" -MD -MF "$tmpdepfile"
stat=$?
if test $stat -ne 0; then
rm -f "$tmpdepfile"
exit $stat
fi
rm -f "$depfile"
# Each non-empty line is of the form 'foo.o : \' or ' dep.h \'.
# We have to change lines of the first kind to '$object: \'.
sed -e "s|.*:|$object :|" < "$tmpdepfile" > "$depfile"
# And for each line of the second kind, we have to emit a 'dep.h:'
# dummy dependency, to avoid the deleted-header problem.
sed -n -e 's|^ *\(.*\) *\\$|\1:|p' < "$tmpdepfile" >> "$depfile"
rm -f "$tmpdepfile"
;;
icc)
# Intel's C compiler understands `-MD -MF file'. However on
# icc -MD -MF foo.d -c -o sub/foo.o sub/foo.c
# ICC 7.0 will fill foo.d with something like
# foo.o: sub/foo.c
# foo.o: sub/foo.h
# which is wrong. We want:
# sub/foo.o: sub/foo.c
# sub/foo.o: sub/foo.h
# sub/foo.c:
# sub/foo.h:
# ICC 7.1 will output
## The order of this option in the case statement is important, since the
## shell code in configure will try each of these formats in the order
## listed in this file. A plain '-MD' option would be understood by many
## compilers, so we must ensure this comes after the gcc and icc options.
pgcc)
# Portland's C compiler understands '-MD'.
# Will always output deps to 'file.d' where file is the root name of the
# source file under compilation, even if file resides in a subdirectory.
# The object file name does not affect the name of the '.d' file.
# pgcc 10.2 will output
# foo.o: sub/foo.c sub/foo.h
# and will wrap long lines using \ :
# and will wrap long lines using '\' :
# foo.o: sub/foo.c ... \
# sub/foo.h ... \
# ...
set_dir_from "$object"
# Use the source, not the object, to determine the base name, since
# that's sadly what pgcc will do too.
set_base_from "$source"
tmpdepfile=$base.d
"$@" -MD -MF "$tmpdepfile"
stat=$?
if test $stat -eq 0; then :
else
# For projects that build the same source file twice into different object
# files, the pgcc approach of using the *source* file root name can cause
# problems in parallel builds. Use a locking strategy to avoid stomping on
# the same $tmpdepfile.
lockdir=$base.d-lock
trap "
echo '$0: caught signal, cleaning up...' >&2
rmdir '$lockdir'
exit 1
" 1 2 13 15
numtries=100
i=$numtries
while test $i -gt 0; do
# mkdir is a portable test-and-set.
if mkdir "$lockdir" 2>/dev/null; then
# This process acquired the lock.
"$@" -MD
stat=$?
# Release the lock.
rmdir "$lockdir"
break
else
# If the lock is being held by a different process, wait
# until the winning process is done or we timeout.
while test -d "$lockdir" && test $i -gt 0; do
sleep 1
i=`expr $i - 1`
done
fi
i=`expr $i - 1`
done
trap - 1 2 13 15
if test $i -le 0; then
echo "$0: failed to acquire lock after $numtries attempts" >&2
echo "$0: check lockdir '$lockdir'" >&2
exit 1
fi
if test $stat -ne 0; then
rm -f "$tmpdepfile"
exit $stat
fi
@@ -271,68 +427,141 @@ icc)
sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile"
# Some versions of the HPUX 10.20 sed can't process this invocation
# correctly. Breaking it into two sed invocations is a workaround.
sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" |
sed -e 's/$/ :/' >> "$depfile"
sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" \
| sed -e 's/$/ :/' >> "$depfile"
rm -f "$tmpdepfile"
;;
hp2)
# The "hp" stanza above does not work with aCC (C++) and HP's ia64
# compilers, which have integrated preprocessors. The correct option
# to use with these is +Maked; it writes dependencies to a file named
# 'foo.d', which lands next to the object file, wherever that
# happens to be.
# Much of this is similar to the tru64 case; see comments there.
set_dir_from "$object"
set_base_from "$object"
if test "$libtool" = yes; then
tmpdepfile1=$dir$base.d
tmpdepfile2=$dir.libs/$base.d
"$@" -Wc,+Maked
else
tmpdepfile1=$dir$base.d
tmpdepfile2=$dir$base.d
"$@" +Maked
fi
stat=$?
if test $stat -ne 0; then
rm -f "$tmpdepfile1" "$tmpdepfile2"
exit $stat
fi
for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2"
do
test -f "$tmpdepfile" && break
done
if test -f "$tmpdepfile"; then
sed -e "s,^.*\.[$lower]*:,$object:," "$tmpdepfile" > "$depfile"
# Add 'dependent.h:' lines.
sed -ne '2,${
s/^ *//
s/ \\*$//
s/$/:/
p
}' "$tmpdepfile" >> "$depfile"
else
make_dummy_depfile
fi
rm -f "$tmpdepfile" "$tmpdepfile2"
;;
tru64)
# The Tru64 compiler uses -MD to generate dependencies as a side
# effect. `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'.
# At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put
# dependencies in `foo.d' instead, so we check for that too.
# Subdirectories are respected.
dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
test "x$dir" = "x$object" && dir=
base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
# The Tru64 compiler uses -MD to generate dependencies as a side
# effect. 'cc -MD -o foo.o ...' puts the dependencies into 'foo.o.d'.
# At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put
# dependencies in 'foo.d' instead, so we check for that too.
# Subdirectories are respected.
set_dir_from "$object"
set_base_from "$object"
if test "$libtool" = yes; then
# With Tru64 cc, shared objects can also be used to make a
# static library. This mecanism is used in libtool 1.4 series to
# handle both shared and static libraries in a single compilation.
# With libtool 1.4, dependencies were output in $dir.libs/$base.lo.d.
#
# With libtool 1.5 this exception was removed, and libtool now
# generates 2 separate objects for the 2 libraries. These two
# compilations output dependencies in in $dir.libs/$base.o.d and
# in $dir$base.o.d. We have to check for both files, because
# one of the two compilations can be disabled. We should prefer
# $dir$base.o.d over $dir.libs/$base.o.d because the latter is
# automatically cleaned when .libs/ is deleted, while ignoring
# the former would cause a distcleancheck panic.
tmpdepfile1=$dir.libs/$base.lo.d # libtool 1.4
tmpdepfile2=$dir$base.o.d # libtool 1.5
tmpdepfile3=$dir.libs/$base.o.d # libtool 1.5
tmpdepfile4=$dir.libs/$base.d # Compaq CCC V6.2-504
"$@" -Wc,-MD
else
tmpdepfile1=$dir$base.o.d
tmpdepfile2=$dir$base.d
tmpdepfile3=$dir$base.d
tmpdepfile4=$dir$base.d
"$@" -MD
fi
if test "$libtool" = yes; then
# Libtool generates 2 separate objects for the 2 libraries. These
# two compilations output dependencies in $dir.libs/$base.o.d and
# in $dir$base.o.d. We have to check for both files, because
# one of the two compilations can be disabled. We should prefer
# $dir$base.o.d over $dir.libs/$base.o.d because the latter is
# automatically cleaned when .libs/ is deleted, while ignoring
# the former would cause a distcleancheck panic.
tmpdepfile1=$dir$base.o.d # libtool 1.5
tmpdepfile2=$dir.libs/$base.o.d # Likewise.
tmpdepfile3=$dir.libs/$base.d # Compaq CCC V6.2-504
"$@" -Wc,-MD
else
tmpdepfile1=$dir$base.d
tmpdepfile2=$dir$base.d
tmpdepfile3=$dir$base.d
"$@" -MD
fi
stat=$?
if test $stat -eq 0; then :
else
rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4"
exit $stat
fi
stat=$?
if test $stat -ne 0; then
rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
exit $stat
fi
for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4"
do
test -f "$tmpdepfile" && break
done
if test -f "$tmpdepfile"; then
sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
# That's a tab and a space in the [].
sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
else
echo "#dummy" > "$depfile"
fi
rm -f "$tmpdepfile"
;;
for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
do
test -f "$tmpdepfile" && break
done
# Same post-processing that is required for AIX mode.
aix_post_process_depfile
;;
msvc7)
if test "$libtool" = yes; then
showIncludes=-Wc,-showIncludes
else
showIncludes=-showIncludes
fi
"$@" $showIncludes > "$tmpdepfile"
stat=$?
grep -v '^Note: including file: ' "$tmpdepfile"
if test $stat -ne 0; then
rm -f "$tmpdepfile"
exit $stat
fi
rm -f "$depfile"
echo "$object : \\" > "$depfile"
# The first sed program below extracts the file names and escapes
# backslashes for cygpath. The second sed program outputs the file
# name when reading, but also accumulates all include files in the
# hold buffer in order to output them again at the end. This only
# works with sed implementations that can handle large buffers.
sed < "$tmpdepfile" -n '
/^Note: including file: *\(.*\)/ {
s//\1/
s/\\/\\\\/g
p
}' | $cygpath_u | sort -u | sed -n '
s/ /\\ /g
s/\(.*\)/'"$tab"'\1 \\/p
s/.\(.*\) \\/\1:/
H
$ {
s/.*/'"$tab"'/
G
p
}' >> "$depfile"
echo >> "$depfile" # make sure the fragment doesn't end with a backslash
rm -f "$tmpdepfile"
;;
msvc7msys)
# This case exists only to let depend.m4 do its work. It works by
# looking at the text of this script. This case will never be run,
# since it is checked for above.
exit 1
;;
#nosideeffect)
# This comment above is used by automake to tell side-effect
@@ -345,13 +574,13 @@ dashmstdout)
# Remove the call to Libtool.
if test "$libtool" = yes; then
while test $1 != '--mode=compile'; do
while test "X$1" != 'X--mode=compile'; do
shift
done
shift
fi
# Remove `-o $object'.
# Remove '-o $object'.
IFS=" "
for arg
do
@@ -371,18 +600,18 @@ dashmstdout)
done
test -z "$dashmflag" && dashmflag=-M
# Require at least two characters before searching for `:'
# Require at least two characters before searching for ':'
# in the target name. This is to cope with DOS-style filenames:
# a dependency such as `c:/foo/bar' could be seen as target `c' otherwise.
# a dependency such as 'c:/foo/bar' could be seen as target 'c' otherwise.
"$@" $dashmflag |
sed 's:^[ ]*[^: ][^:][^:]*\:[ ]*:'"$object"'\: :' > "$tmpdepfile"
sed "s|^[$tab ]*[^:$tab ][^:][^:]*:[$tab ]*|$object: |" > "$tmpdepfile"
rm -f "$depfile"
cat < "$tmpdepfile" > "$depfile"
tr ' ' '
' < "$tmpdepfile" | \
## Some versions of the HPUX 10.20 sed can't process this invocation
## correctly. Breaking it into two sed invocations is a workaround.
sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
# Some versions of the HPUX 10.20 sed can't process this sed invocation
# correctly. Breaking it into two sed invocations is a workaround.
tr ' ' "$nl" < "$tmpdepfile" \
| sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \
| sed -e 's/$/ :/' >> "$depfile"
rm -f "$tmpdepfile"
;;
@@ -396,41 +625,51 @@ makedepend)
"$@" || exit $?
# Remove any Libtool call
if test "$libtool" = yes; then
while test $1 != '--mode=compile'; do
while test "X$1" != 'X--mode=compile'; do
shift
done
shift
fi
# X makedepend
shift
cleared=no
for arg in "$@"; do
cleared=no eat=no
for arg
do
case $cleared in
no)
set ""; shift
cleared=yes ;;
esac
if test $eat = yes; then
eat=no
continue
fi
case "$arg" in
-D*|-I*)
set fnord "$@" "$arg"; shift ;;
# Strip any option that makedepend may not understand. Remove
# the object too, otherwise makedepend will parse it as a source file.
-arch)
eat=yes ;;
-*|$object)
;;
*)
set fnord "$@" "$arg"; shift ;;
esac
done
obj_suffix="`echo $object | sed 's/^.*\././'`"
obj_suffix=`echo "$object" | sed 's/^.*\././'`
touch "$tmpdepfile"
${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@"
rm -f "$depfile"
cat < "$tmpdepfile" > "$depfile"
sed '1,2d' "$tmpdepfile" | tr ' ' '
' | \
## Some versions of the HPUX 10.20 sed can't process this invocation
## correctly. Breaking it into two sed invocations is a workaround.
sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
# makedepend may prepend the VPATH from the source file name to the object.
# No need to regex-escape $object, excess matching of '.' is harmless.
sed "s|^.*\($object *:\)|\1|" "$tmpdepfile" > "$depfile"
# Some versions of the HPUX 10.20 sed can't process the last invocation
# correctly. Breaking it into two sed invocations is a workaround.
sed '1,2d' "$tmpdepfile" \
| tr ' ' "$nl" \
| sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \
| sed -e 's/$/ :/' >> "$depfile"
rm -f "$tmpdepfile" "$tmpdepfile".bak
;;
@@ -441,13 +680,13 @@ cpp)
# Remove the call to Libtool.
if test "$libtool" = yes; then
while test $1 != '--mode=compile'; do
while test "X$1" != 'X--mode=compile'; do
shift
done
shift
fi
# Remove `-o $object'.
# Remove '-o $object'.
IFS=" "
for arg
do
@@ -466,10 +705,10 @@ cpp)
esac
done
"$@" -E |
sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
-e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' |
sed '$ s: \\$::' > "$tmpdepfile"
"$@" -E \
| sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
-e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
| sed '$ s: \\$::' > "$tmpdepfile"
rm -f "$depfile"
echo "$object : \\" > "$depfile"
cat < "$tmpdepfile" >> "$depfile"
@@ -479,35 +718,56 @@ cpp)
msvisualcpp)
# Important note: in order to support this mode, a compiler *must*
# always write the preprocessed file to stdout, regardless of -o,
# because we must use -o when running libtool.
# always write the preprocessed file to stdout.
"$@" || exit $?
# Remove the call to Libtool.
if test "$libtool" = yes; then
while test "X$1" != 'X--mode=compile'; do
shift
done
shift
fi
IFS=" "
for arg
do
case "$arg" in
-o)
shift
;;
$object)
shift
;;
"-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI")
set fnord "$@"
shift
shift
;;
set fnord "$@"
shift
shift
;;
*)
set fnord "$@" "$arg"
shift
shift
;;
set fnord "$@" "$arg"
shift
shift
;;
esac
done
"$@" -E |
sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::echo "`cygpath -u \\"\1\\"`":p' | sort | uniq > "$tmpdepfile"
"$@" -E 2>/dev/null |
sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile"
rm -f "$depfile"
echo "$object : \\" > "$depfile"
. "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s:: \1 \\:p' >> "$depfile"
echo " " >> "$depfile"
. "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s::\1\::p' >> "$depfile"
sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::'"$tab"'\1 \\:p' >> "$depfile"
echo "$tab" >> "$depfile"
sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile"
rm -f "$tmpdepfile"
;;
msvcmsys)
# This case exists only to let depend.m4 do its work. It works by
# looking at the text of this script. This case will never be run,
# since it is checked for above.
exit 1
;;
none)
exec "$@"
;;
@@ -526,5 +786,6 @@ exit 0
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-end: "$"
# time-stamp-time-zone: "UTC"
# time-stamp-end: "; # UTC"
# End:

8
docs/BINDINGS
View File

@@ -10,16 +10,16 @@ Cocoa/Objective-C
https://github.com/karelia/libssh2_sftp-Cocoa-wrapper
Haskell
FFI bindings - http://hackage.haskell.org/package/libssh2
FFI bindings - https://hackage.haskell.org/package/libssh2
Perl
Net::SSH2 - http://search.cpan.org/~rkitover/Net-SSH2-0.45/lib/Net/SSH2.pm
Net::SSH2 - https://metacpan.org/pod/Net::SSH2
PHP
ssh2 - http://pecl.php.net/package/ssh2
ssh2 - https://pecl.php.net/package/ssh2
Python
pylibssh2 - http://www.wallix.org/pylibssh2-project/
pylibssh2 - https://pypi.python.org/pypi/pylibssh2
Python-ctypes

22
docs/INSTALL_AUTOTOOLS
View File

@@ -284,8 +284,8 @@ Some ./configure options deserve additional comments:
* --with-libgcrypt-prefix=DIR
libssh2 can use the Libgcrypt library
(http://www.gnupg.org/) for cryptographic operations.
Either Libgcrypt or OpenSSL is required.
(https://www.gnupg.org/) for cryptographic operations.
One of the cryptographic libraries is required.
Configure will attempt to locate Libgcrypt
automatically.
@@ -298,8 +298,8 @@ Some ./configure options deserve additional comments:
* --with-libssl-prefix=[DIR]
libssh2 can use the OpenSSL library
(http://www.openssl.org) for cryptographic operations.
Either Libgcrypt or OpenSSL is required.
(https://www.openssl.org) for cryptographic operations.
One of the cryptographic libraries is required.
Configure will attempt to locate OpenSSL in the
default location.
@@ -307,6 +307,20 @@ Some ./configure options deserve additional comments:
If your installation of OpenSSL is in another
location, specify it using --with-libssl-prefix.
* --with-mbedtls
* --without-mbedtls
* --with-libmbedtls-prefix=[DIR]
libssh2 can use the mbedTLS library
(https://tls.mbed.org) for cryptographic operations.
One of the cryptographic libraries is required.
Configure will attempt to locate mbedTLS in the
default location.
If your installation of mbedTLS is in another
location, specify it using --with-libmbedtls-prefix.
* --with-libz
* --without-libz
* --with-libz-prefix=[DIR]

21
docs/INSTALL_CMAKE
View File

@@ -12,6 +12,7 @@ following cryptography libraries:
* OpenSSL
* Libgcrypt
* WinCNG
* mbedTLS
Getting started
---------------
@@ -47,9 +48,9 @@ The following options are available:
* `CRYPTO_BACKEND=`
Chooses a specific cryptography library to use for cryptographic
operations. Can be `OpenSSL` (http://www.openssl.org),
`Libgcrypt` (http://www.gnupg.org/), `WinCNG` (Windows Vista+) or
blank to use any library available.
operations. Can be `OpenSSL` (https://www.openssl.org),
`Libgcrypt` (https://www.gnupg.org/), `WinCNG` (Windows Vista+),
`mbedTLS` (https://tls.mbed.org/) or blank to use any library available.
CMake will attempt to locate the libraries automatically. See [2]
for more information.
@@ -97,6 +98,10 @@ The following options are available:
Will enable the libssh2_trace() function for showing debug traces.
* `CLEAR_MEMORY=ON`
Securely zero memory before freeing it (if the backend supports this).
Build tools
-----------
@@ -161,14 +166,14 @@ builds your project:
Libssh2
URL <libssh2 download location>
URL_HASH SHA1=<libssh2 archive SHA1>
INSTALL_COMMAND "")
INSTALL_COMMAND "")
ExternalProject_Add(
MyProject DEPENDS Libssh2
SOURCE_DIR ${CMAKE_CURRENT_SOURCE_DIR}/src
INSTALL_COMMAND "")
[1] http://www.cmake.org/cmake/resources/software.html
[2] http://www.cmake.org/cmake/help/v3.0/manual/cmake-packages.7.html
[3] http://www.cmake.org/cmake/help/v3.0/manual/cmake-packages.7.html#package-registry
[4] http://www.kitware.com/media/html/BuildingExternalProjectsWithCMake2.8.html
[1] https://www.cmake.org/cmake/resources/software.html
[2] https://www.cmake.org/cmake/help/v3.0/manual/cmake-packages.7.html
[3] https://www.cmake.org/cmake/help/v3.0/manual/cmake-packages.7.html#package-registry
[4] http://www.kitware.com/media/html/BuildingExternalProjectsWithCMake2.8.html

2
docs/Makefile.am
View File

@@ -1,7 +1,7 @@
# $Id: Makefile.am,v 1.37 2009/03/26 15:41:15 bagder Exp $
EXTRA_DIST = template.3 BINDINGS INSTALL_AUTOTOOLS INSTALL_CMAKE HACKING TODO \
AUTHORS CMakeLists.txt HACKING.CRYPTO
AUTHORS CMakeLists.txt HACKING.CRYPTO SECURITY.md
dist_man_MANS = \
libssh2_agent_connect.3 \

7
docs/Makefile.in
View File

@@ -189,6 +189,7 @@ GREP = @GREP@
HAVE_LIBBCRYPT = @HAVE_LIBBCRYPT@
HAVE_LIBCRYPT32 = @HAVE_LIBCRYPT32@
HAVE_LIBGCRYPT = @HAVE_LIBGCRYPT@
HAVE_LIBMBEDTLS = @HAVE_LIBMBEDTLS@
HAVE_LIBSSL = @HAVE_LIBSSL@
HAVE_LIBZ = @HAVE_LIBZ@
INSTALL = @INSTALL@
@@ -204,6 +205,8 @@ LIBCRYPT32 = @LIBCRYPT32@
LIBCRYPT32_PREFIX = @LIBCRYPT32_PREFIX@
LIBGCRYPT = @LIBGCRYPT@
LIBGCRYPT_PREFIX = @LIBGCRYPT_PREFIX@
LIBMBEDTLS = @LIBMBEDTLS@
LIBMBEDTLS_PREFIX = @LIBMBEDTLS_PREFIX@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBSREQUIRED = @LIBSREQUIRED@
@@ -218,9 +221,11 @@ LN_S = @LN_S@
LTLIBBCRYPT = @LTLIBBCRYPT@
LTLIBCRYPT32 = @LTLIBCRYPT32@
LTLIBGCRYPT = @LTLIBGCRYPT@
LTLIBMBEDTLS = @LTLIBMBEDTLS@
LTLIBOBJS = @LTLIBOBJS@
LTLIBSSL = @LTLIBSSL@
LTLIBZ = @LTLIBZ@
LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
@@ -300,7 +305,7 @@ top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
EXTRA_DIST = template.3 BINDINGS INSTALL_AUTOTOOLS INSTALL_CMAKE HACKING TODO \
AUTHORS CMakeLists.txt HACKING.CRYPTO
AUTHORS CMakeLists.txt HACKING.CRYPTO SECURITY.md
dist_man_MANS = \
libssh2_agent_connect.3 \

100
docs/SECURITY.md Normal file
View File

@@ -0,0 +1,100 @@
libssh2 security
================
This document is intended to provide guidance on how security vulnerabilities
should be handled in the libssh2 project.
Publishing Information
----------------------
All known and public libssh2 vulnerabilities will be listed on [the libssh2
web site](https://www.libssh2.org/).
Security vulnerabilities should not be entered in the project's public bug
tracker unless the necessary configuration is in place to limit access to the
issue to only the reporter and the project's security team.
Vulnerability Handling
----------------------
The typical process for handling a new security vulnerability is as follows.
No information should be made public about a vulnerability until it is
formally announced at the end of this process. That means, for example that a
bug tracker entry must NOT be created to track the issue since that will make
the issue public and it should not be discussed on the project's public
mailing list. Also messages associated with any commits should not make any
reference to the security nature of the commit if done prior to the public
announcement.
- The person discovering the issue, the reporter, reports the vulnerability
privately to `libssh2-security@haxx.se`. That's an email alias that reaches a
handful of selected and trusted people.
- Messages that do not relate to the reporting or managing of an undisclosed
security vulnerability in libssh2 are ignored and no further action is
required.
- A person in the security team sends an e-mail to the original reporter to
acknowledge the report.
- The security team investigates the report and either rejects it or accepts
it.
- If the report is rejected, the team writes to the reporter to explain why.
- If the report is accepted, the team writes to the reporter to let him/her
know it is accepted and that they are working on a fix.
- The security team discusses the problem, works out a fix, considers the
impact of the problem and suggests a release schedule. This discussion
should involve the reporter as much as possible.
- The release of the information should be "as soon as possible" and is most
often synced with an upcoming release that contains the fix. If the
reporter, or anyone else, thinks the next planned release is too far away
then a separate earlier release for security reasons should be considered.
- Write a security advisory draft about the problem that explains what the
problem is, its impact, which versions it affects, solutions or
workarounds, when the release is out and make sure to credit all
contributors properly.
- Request a CVE number from
[distros@openwall](http://oss-security.openwall.org/wiki/mailing-lists/distros)
when also informing and preparing them for the upcoming public security
vulnerability announcement - attach the advisory draft for information. Note
that 'distros' won't accept an embargo longer than 19 days.
- Update the "security advisory" with the CVE number.
- The security team commits the fix in a private branch. The commit message
should ideally contain the CVE number. This fix is usually also distributed
to the 'distros' mailing list to allow them to use the fix prior to the
public announcement.
- At the day of the next release, the private branch is merged into the master
branch and pushed. Once pushed, the information is accessible to the public
and the actual release should follow suit immediately afterwards.
- The project team creates a release that includes the fix.
- The project team announces the release and the vulnerability to the world in
the same manner we always announce releases. It gets sent to the libssh2
mailing list and the oss-security mailing list.
- The security web page on the web site should get the new vulnerability
mentioned.
LIBSSH2-SECURITY (at haxx dot se)
--------------------------------
Who is on this list? There are a couple of criteria you must meet, and then we
might ask you to join the list or you can ask to join it. It really isn't very
formal. We basically only require that you have a long-term presence in the
libssh2 project and you have shown an understanding for the project and its way
of working. You must've been around for a good while and you should have no
plans in vanishing in the near future.
We do not make the list of partipants public mostly because it tends to vary
somewhat over time and a list somewhere will only risk getting outdated.

42
docs/libssh2_sftp_get_channel.3
View File

@@ -1,21 +1,21 @@
.TH libssh2_sftp_get_channel 3 "9 Sep 2011" "libssh2 1.4.0" "libssh2 manual"
.SH NAME
libssh2_sftp_get_channel - return the channel of sftp
.SH SYNOPSIS
.nf
#include <libssh2.h>
#include <libssh2_sftp.h>
.fi
LIBSSH2_CHANNEL *libssh2_sftp_get_channel(LIBSSH2_SFTP *sftp);
.SH DESCRIPTION
\fIsftp\fP - SFTP instance as returned by
.BR libssh2_sftp_init(3)
Return the channel of the given sftp handle.
.SH RETURN VALUE
The channel of the SFTP instance or NULL if something was wrong.
.SH AVAILABILITY
Added in 1.4.0
.SH SEE ALSO
.BR libssh2_sftp_init(3)
.TH libssh2_sftp_get_channel 3 "9 Sep 2011" "libssh2 1.4.0" "libssh2 manual"
.SH NAME
libssh2_sftp_get_channel - return the channel of sftp
.SH SYNOPSIS
.nf
#include <libssh2.h>
#include <libssh2_sftp.h>
.fi
LIBSSH2_CHANNEL *libssh2_sftp_get_channel(LIBSSH2_SFTP *sftp);
.SH DESCRIPTION
\fIsftp\fP - SFTP instance as returned by
.BR libssh2_sftp_init(3)
Return the channel of the given sftp handle.
.SH RETURN VALUE
The channel of the SFTP instance or NULL if something was wrong.
.SH AVAILABILITY
Added in 1.4.0
.SH SEE ALSO
.BR libssh2_sftp_init(3)

5
example/Makefile.in
View File

@@ -318,6 +318,7 @@ GREP = @GREP@
HAVE_LIBBCRYPT = @HAVE_LIBBCRYPT@
HAVE_LIBCRYPT32 = @HAVE_LIBCRYPT32@
HAVE_LIBGCRYPT = @HAVE_LIBGCRYPT@
HAVE_LIBMBEDTLS = @HAVE_LIBMBEDTLS@
HAVE_LIBSSL = @HAVE_LIBSSL@
HAVE_LIBZ = @HAVE_LIBZ@
INSTALL = @INSTALL@
@@ -333,6 +334,8 @@ LIBCRYPT32 = @LIBCRYPT32@
LIBCRYPT32_PREFIX = @LIBCRYPT32_PREFIX@
LIBGCRYPT = @LIBGCRYPT@
LIBGCRYPT_PREFIX = @LIBGCRYPT_PREFIX@
LIBMBEDTLS = @LIBMBEDTLS@
LIBMBEDTLS_PREFIX = @LIBMBEDTLS_PREFIX@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBSREQUIRED = @LIBSREQUIRED@
@@ -347,9 +350,11 @@ LN_S = @LN_S@
LTLIBBCRYPT = @LTLIBBCRYPT@
LTLIBCRYPT32 = @LTLIBCRYPT32@
LTLIBGCRYPT = @LTLIBGCRYPT@
LTLIBMBEDTLS = @LTLIBMBEDTLS@
LTLIBOBJS = @LTLIBOBJS@
LTLIBSSL = @LTLIBSSL@
LTLIBZ = @LTLIBZ@
LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@

9
example/libssh2_config.h.in
View File

@@ -64,6 +64,9 @@
/* Define if you have the gcrypt library. */
#undef HAVE_LIBGCRYPT
/* Define if you have the mbedtls library. */
#undef HAVE_LIBMBEDTLS
/* Define if you have the ssl library. */
#undef HAVE_LIBSSL
@@ -172,14 +175,16 @@
/* Enable "none" MAC -- NOT RECOMMENDED */
#undef LIBSSH2_MAC_NONE
/* Use mbedtls */
#undef LIBSSH2_MBEDTLS
/* Use OpenSSL */
#undef LIBSSH2_OPENSSL
/* Use Windows CNG */
#undef LIBSSH2_WINCNG
/* Define to the sub-directory in which libtool stores uninstalled libraries.
*/
/* Define to the sub-directory where libtool stores uninstalled libraries. */
#undef LT_OBJDIR
/* Define to 1 if _REENTRANT preprocessor symbol must be defined. */

2
example/subsystem_netconf.c
View File

@@ -250,7 +250,7 @@ int main(int argc, char *argv[])
goto shutdown;
}
/* NETCONF: http://tools.ietf.org/html/draft-ietf-netconf-ssh-06 */
/* NETCONF: https://tools.ietf.org/html/draft-ietf-netconf-ssh-06 */
fprintf(stderr, "Sending NETCONF client <hello>\n");
snprintf(buf, sizeof(buf),

19
include/libssh2.h
View File

@@ -46,12 +46,12 @@
to make the BANNER define (used by src/session.c) be a valid SSH
banner. Release versions have no appended strings and may of course not
have dashes either. */
#define LIBSSH2_VERSION "1.7.0"
#define LIBSSH2_VERSION "1.8.0"
/* The numeric version number is also available "in parts" by using these
defines: */
#define LIBSSH2_VERSION_MAJOR 1
#define LIBSSH2_VERSION_MINOR 7
#define LIBSSH2_VERSION_MINOR 8
#define LIBSSH2_VERSION_PATCH 0
/* This is the numeric version of the libssh2 version number, meant for easier
@@ -69,7 +69,7 @@
and it is always a greater number in a more recent release. It makes
comparisons with greater than and less than work.
*/
#define LIBSSH2_VERSION_NUM 0x010700
#define LIBSSH2_VERSION_NUM 0x010800
/*
* This is the date and time when the full source package was created. The
@@ -80,7 +80,7 @@
*
* "Mon Feb 12 11:35:33 UTC 2007"
*/
#define LIBSSH2_TIMESTAMP "tis 23 feb 2016 07:56:30 UTC"
#define LIBSSH2_TIMESTAMP "Tue Oct 25 06:44:33 UTC 2016"
#ifndef RC_INVOKED
@@ -202,7 +202,16 @@ typedef off_t libssh2_struct_stat_size;
#endif
#ifndef LIBSSH2_STRUCT_STAT_SIZE_FORMAT
# define LIBSSH2_STRUCT_STAT_SIZE_FORMAT "%zd"
# ifdef __VMS
/* We have to roll our own format here because %z is a C99-ism we don't have. */
# if __USE_OFF64_T || __USING_STD_STAT
# define LIBSSH2_STRUCT_STAT_SIZE_FORMAT "%Ld"
# else
# define LIBSSH2_STRUCT_STAT_SIZE_FORMAT "%d"
# endif
# else
# define LIBSSH2_STRUCT_STAT_SIZE_FORMAT "%zd"
# endif
typedef struct stat libssh2_struct_stat;
typedef off_t libssh2_struct_stat_size;
#endif

2
libssh2.pc.in
View File

@@ -8,7 +8,7 @@ libdir=@libdir@
includedir=@includedir@
Name: libssh2
URL: http://www.libssh2.org/
URL: https://www.libssh2.org/
Description: Library for SSH-based communication
Version: @LIBSSH2VER@
Requires.private: @LIBSREQUIRED@

5585
ltmain.sh
View File

File diff suppressed because it is too large Load Diff

2522
m4/libtool.m4 vendored
View File

File diff suppressed because it is too large Load Diff

127
m4/ltoptions.m4 vendored
View File

@@ -1,14 +1,14 @@
# Helper functions for option handling. -*- Autoconf -*-
#
# Copyright (C) 2004, 2005, 2007, 2008, 2009 Free Software Foundation,
# Inc.
# Copyright (C) 2004-2005, 2007-2009, 2011-2015 Free Software
# Foundation, Inc.
# Written by Gary V. Vaughan, 2004
#
# This file is free software; the Free Software Foundation gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved.
# serial 7 ltoptions.m4
# serial 8 ltoptions.m4
# This is to help aclocal find these macros, as it can't see m4_define.
AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])])
@@ -29,7 +29,7 @@ m4_define([_LT_SET_OPTION],
[m4_define(_LT_MANGLE_OPTION([$1], [$2]))dnl
m4_ifdef(_LT_MANGLE_DEFUN([$1], [$2]),
_LT_MANGLE_DEFUN([$1], [$2]),
[m4_warning([Unknown $1 option `$2'])])[]dnl
[m4_warning([Unknown $1 option '$2'])])[]dnl
])
@@ -75,13 +75,15 @@ m4_if([$1],[LT_INIT],[
dnl
dnl If no reference was made to various pairs of opposing options, then
dnl we run the default mode handler for the pair. For example, if neither
dnl `shared' nor `disable-shared' was passed, we enable building of shared
dnl 'shared' nor 'disable-shared' was passed, we enable building of shared
dnl archives by default:
_LT_UNLESS_OPTIONS([LT_INIT], [shared disable-shared], [_LT_ENABLE_SHARED])
_LT_UNLESS_OPTIONS([LT_INIT], [static disable-static], [_LT_ENABLE_STATIC])
_LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC])
_LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install],
[_LT_ENABLE_FAST_INSTALL])
[_LT_ENABLE_FAST_INSTALL])
_LT_UNLESS_OPTIONS([LT_INIT], [aix-soname=aix aix-soname=both aix-soname=svr4],
[_LT_WITH_AIX_SONAME([aix])])
])
])# _LT_SET_OPTIONS
@@ -112,7 +114,7 @@ AU_DEFUN([AC_LIBTOOL_DLOPEN],
[_LT_SET_OPTION([LT_INIT], [dlopen])
AC_DIAGNOSE([obsolete],
[$0: Remove this warning and the call to _LT_SET_OPTION when you
put the `dlopen' option into LT_INIT's first parameter.])
put the 'dlopen' option into LT_INIT's first parameter.])
])
dnl aclocal-1.4 backwards compatibility:
@@ -148,7 +150,7 @@ AU_DEFUN([AC_LIBTOOL_WIN32_DLL],
_LT_SET_OPTION([LT_INIT], [win32-dll])
AC_DIAGNOSE([obsolete],
[$0: Remove this warning and the call to _LT_SET_OPTION when you
put the `win32-dll' option into LT_INIT's first parameter.])
put the 'win32-dll' option into LT_INIT's first parameter.])
])
dnl aclocal-1.4 backwards compatibility:
@@ -157,9 +159,9 @@ dnl AC_DEFUN([AC_LIBTOOL_WIN32_DLL], [])
# _LT_ENABLE_SHARED([DEFAULT])
# ----------------------------
# implement the --enable-shared flag, and supports the `shared' and
# `disable-shared' LT_INIT options.
# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'.
# implement the --enable-shared flag, and supports the 'shared' and
# 'disable-shared' LT_INIT options.
# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'.
m4_define([_LT_ENABLE_SHARED],
[m4_define([_LT_ENABLE_SHARED_DEFAULT], [m4_if($1, no, no, yes)])dnl
AC_ARG_ENABLE([shared],
@@ -172,14 +174,14 @@ AC_ARG_ENABLE([shared],
*)
enable_shared=no
# Look at the argument we got. We use all the common list separators.
lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
for pkg in $enableval; do
IFS="$lt_save_ifs"
IFS=$lt_save_ifs
if test "X$pkg" = "X$p"; then
enable_shared=yes
fi
done
IFS="$lt_save_ifs"
IFS=$lt_save_ifs
;;
esac],
[enable_shared=]_LT_ENABLE_SHARED_DEFAULT)
@@ -211,9 +213,9 @@ dnl AC_DEFUN([AM_DISABLE_SHARED], [])
# _LT_ENABLE_STATIC([DEFAULT])
# ----------------------------
# implement the --enable-static flag, and support the `static' and
# `disable-static' LT_INIT options.
# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'.
# implement the --enable-static flag, and support the 'static' and
# 'disable-static' LT_INIT options.
# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'.
m4_define([_LT_ENABLE_STATIC],
[m4_define([_LT_ENABLE_STATIC_DEFAULT], [m4_if($1, no, no, yes)])dnl
AC_ARG_ENABLE([static],
@@ -226,14 +228,14 @@ AC_ARG_ENABLE([static],
*)
enable_static=no
# Look at the argument we got. We use all the common list separators.
lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
for pkg in $enableval; do
IFS="$lt_save_ifs"
IFS=$lt_save_ifs
if test "X$pkg" = "X$p"; then
enable_static=yes
fi
done
IFS="$lt_save_ifs"
IFS=$lt_save_ifs
;;
esac],
[enable_static=]_LT_ENABLE_STATIC_DEFAULT)
@@ -265,9 +267,9 @@ dnl AC_DEFUN([AM_DISABLE_STATIC], [])
# _LT_ENABLE_FAST_INSTALL([DEFAULT])
# ----------------------------------
# implement the --enable-fast-install flag, and support the `fast-install'
# and `disable-fast-install' LT_INIT options.
# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'.
# implement the --enable-fast-install flag, and support the 'fast-install'
# and 'disable-fast-install' LT_INIT options.
# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'.
m4_define([_LT_ENABLE_FAST_INSTALL],
[m4_define([_LT_ENABLE_FAST_INSTALL_DEFAULT], [m4_if($1, no, no, yes)])dnl
AC_ARG_ENABLE([fast-install],
@@ -280,14 +282,14 @@ AC_ARG_ENABLE([fast-install],
*)
enable_fast_install=no
# Look at the argument we got. We use all the common list separators.
lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
for pkg in $enableval; do
IFS="$lt_save_ifs"
IFS=$lt_save_ifs
if test "X$pkg" = "X$p"; then
enable_fast_install=yes
fi
done
IFS="$lt_save_ifs"
IFS=$lt_save_ifs
;;
esac],
[enable_fast_install=]_LT_ENABLE_FAST_INSTALL_DEFAULT)
@@ -304,14 +306,14 @@ AU_DEFUN([AC_ENABLE_FAST_INSTALL],
[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install])
AC_DIAGNOSE([obsolete],
[$0: Remove this warning and the call to _LT_SET_OPTION when you put
the `fast-install' option into LT_INIT's first parameter.])
the 'fast-install' option into LT_INIT's first parameter.])
])
AU_DEFUN([AC_DISABLE_FAST_INSTALL],
[_LT_SET_OPTION([LT_INIT], [disable-fast-install])
AC_DIAGNOSE([obsolete],
[$0: Remove this warning and the call to _LT_SET_OPTION when you put
the `disable-fast-install' option into LT_INIT's first parameter.])
the 'disable-fast-install' option into LT_INIT's first parameter.])
])
dnl aclocal-1.4 backwards compatibility:
@@ -319,11 +321,64 @@ dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], [])
dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], [])
# _LT_WITH_AIX_SONAME([DEFAULT])
# ----------------------------------
# implement the --with-aix-soname flag, and support the `aix-soname=aix'
# and `aix-soname=both' and `aix-soname=svr4' LT_INIT options. DEFAULT
# is either `aix', `both' or `svr4'. If omitted, it defaults to `aix'.
m4_define([_LT_WITH_AIX_SONAME],
[m4_define([_LT_WITH_AIX_SONAME_DEFAULT], [m4_if($1, svr4, svr4, m4_if($1, both, both, aix))])dnl
shared_archive_member_spec=
case $host,$enable_shared in
power*-*-aix[[5-9]]*,yes)
AC_MSG_CHECKING([which variant of shared library versioning to provide])
AC_ARG_WITH([aix-soname],
[AS_HELP_STRING([--with-aix-soname=aix|svr4|both],
[shared library versioning (aka "SONAME") variant to provide on AIX, @<:@default=]_LT_WITH_AIX_SONAME_DEFAULT[@:>@.])],
[case $withval in
aix|svr4|both)
;;
*)
AC_MSG_ERROR([Unknown argument to --with-aix-soname])
;;
esac
lt_cv_with_aix_soname=$with_aix_soname],
[AC_CACHE_VAL([lt_cv_with_aix_soname],
[lt_cv_with_aix_soname=]_LT_WITH_AIX_SONAME_DEFAULT)
with_aix_soname=$lt_cv_with_aix_soname])
AC_MSG_RESULT([$with_aix_soname])
if test aix != "$with_aix_soname"; then
# For the AIX way of multilib, we name the shared archive member
# based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o',
# and 'shr.imp' or 'shr_64.imp', respectively, for the Import File.
# Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag,
# the AIX toolchain works better with OBJECT_MODE set (default 32).
if test 64 = "${OBJECT_MODE-32}"; then
shared_archive_member_spec=shr_64
else
shared_archive_member_spec=shr
fi
fi
;;
*)
with_aix_soname=aix
;;
esac
_LT_DECL([], [shared_archive_member_spec], [0],
[Shared archive member basename, for filename based shared library versioning on AIX])dnl
])# _LT_WITH_AIX_SONAME
LT_OPTION_DEFINE([LT_INIT], [aix-soname=aix], [_LT_WITH_AIX_SONAME([aix])])
LT_OPTION_DEFINE([LT_INIT], [aix-soname=both], [_LT_WITH_AIX_SONAME([both])])
LT_OPTION_DEFINE([LT_INIT], [aix-soname=svr4], [_LT_WITH_AIX_SONAME([svr4])])
# _LT_WITH_PIC([MODE])
# --------------------
# implement the --with-pic flag, and support the `pic-only' and `no-pic'
# implement the --with-pic flag, and support the 'pic-only' and 'no-pic'
# LT_INIT options.
# MODE is either `yes' or `no'. If omitted, it defaults to `both'.
# MODE is either 'yes' or 'no'. If omitted, it defaults to 'both'.
m4_define([_LT_WITH_PIC],
[AC_ARG_WITH([pic],
[AS_HELP_STRING([--with-pic@<:@=PKGS@:>@],
@@ -334,19 +389,17 @@ m4_define([_LT_WITH_PIC],
*)
pic_mode=default
# Look at the argument we got. We use all the common list separators.
lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
for lt_pkg in $withval; do
IFS="$lt_save_ifs"
IFS=$lt_save_ifs
if test "X$lt_pkg" = "X$lt_p"; then
pic_mode=yes
fi
done
IFS="$lt_save_ifs"
IFS=$lt_save_ifs
;;
esac],
[pic_mode=default])
test -z "$pic_mode" && pic_mode=m4_default([$1], [default])
[pic_mode=m4_default([$1], [default])])
_LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl
])# _LT_WITH_PIC
@@ -359,7 +412,7 @@ AU_DEFUN([AC_LIBTOOL_PICMODE],
[_LT_SET_OPTION([LT_INIT], [pic-only])
AC_DIAGNOSE([obsolete],
[$0: Remove this warning and the call to _LT_SET_OPTION when you
put the `pic-only' option into LT_INIT's first parameter.])
put the 'pic-only' option into LT_INIT's first parameter.])
])
dnl aclocal-1.4 backwards compatibility:

7
m4/ltsugar.m4 vendored
View File

@@ -1,6 +1,7 @@
# ltsugar.m4 -- libtool m4 base layer. -*-Autoconf-*-
#
# Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc.
# Copyright (C) 2004-2005, 2007-2008, 2011-2015 Free Software
# Foundation, Inc.
# Written by Gary V. Vaughan, 2004
#
# This file is free software; the Free Software Foundation gives
@@ -33,7 +34,7 @@ m4_define([_lt_join],
# ------------
# Manipulate m4 lists.
# These macros are necessary as long as will still need to support
# Autoconf-2.59 which quotes differently.
# Autoconf-2.59, which quotes differently.
m4_define([lt_car], [[$1]])
m4_define([lt_cdr],
[m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])],
@@ -44,7 +45,7 @@ m4_define([lt_unquote], $1)
# lt_append(MACRO-NAME, STRING, [SEPARATOR])
# ------------------------------------------
# Redefine MACRO-NAME to hold its former content plus `SEPARATOR'`STRING'.
# Redefine MACRO-NAME to hold its former content plus 'SEPARATOR''STRING'.
# Note that neither SEPARATOR nor STRING are expanded; they are appended
# to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked).
# No SEPARATOR is output if MACRO-NAME was previously undefined (different

12
m4/ltversion.m4 vendored
View File

@@ -1,6 +1,6 @@
# ltversion.m4 -- version numbers -*- Autoconf -*-
#
# Copyright (C) 2004 Free Software Foundation, Inc.
# Copyright (C) 2004, 2011-2015 Free Software Foundation, Inc.
# Written by Scott James Remnant, 2004
#
# This file is free software; the Free Software Foundation gives
@@ -9,15 +9,15 @@
# @configure_input@
# serial 3337 ltversion.m4
# serial 4179 ltversion.m4
# This file is part of GNU Libtool
m4_define([LT_PACKAGE_VERSION], [2.4.2])
m4_define([LT_PACKAGE_REVISION], [1.3337])
m4_define([LT_PACKAGE_VERSION], [2.4.6])
m4_define([LT_PACKAGE_REVISION], [2.4.6])
AC_DEFUN([LTVERSION_VERSION],
[macro_version='2.4.2'
macro_revision='1.3337'
[macro_version='2.4.6'
macro_revision='2.4.6'
_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?])
_LT_DECL(, macro_revision, 0)
])

7
m4/lt~obsolete.m4 vendored
View File

@@ -1,6 +1,7 @@
# lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*-
#
# Copyright (C) 2004, 2005, 2007, 2009 Free Software Foundation, Inc.
# Copyright (C) 2004-2005, 2007, 2009, 2011-2015 Free Software
# Foundation, Inc.
# Written by Scott James Remnant, 2004.
#
# This file is free software; the Free Software Foundation gives
@@ -11,7 +12,7 @@
# These exist entirely to fool aclocal when bootstrapping libtool.
#
# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN)
# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN),
# which have later been changed to m4_define as they aren't part of the
# exported API, or moved to Autoconf or Automake where they belong.
#
@@ -25,7 +26,7 @@
# included after everything else. This provides aclocal with the
# AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything
# because those macros already exist, or will be overwritten later.
# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6.
# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6.
#
# Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here.
# Yes, that means every name once taken will need to remain here until

29
maketgz
View File

@@ -9,6 +9,11 @@ if [ -z "$version" ]; then
exit
fi
if [ "xonly" = "x$2" ]; then
echo "Setup version number only!"
only=1
fi
libversion="$version"
major=`echo $libversion |cut -d. -f1 | sed -e "s/[^0-9]//g"`
@@ -19,22 +24,36 @@ numeric=`perl -e 'printf("%02x%02x%02x\n", '"$major, $minor, $patch);"`
HEADER=include/libssh2.h
# requires a date command that knows -u for UTC time zone
datestamp=`date -u`
if test -z "$only"; then
ext=".dist"
# when not setting up version numbers locally
for a in $HEADER; do
cp $a "$a$ext"
done
HEADER="$HEADER$ext"
fi
# Replace version number in header file:
sed -e 's/^#define LIBSSH2_VERSION .*/#define LIBSSH2_VERSION "'$libversion'"/g' \
# requires a date command that knows -u for UTC time zone
datestamp=`LC_TIME=C date -u`
# Replace in-place version number in header file:
sed -i -e 's/^#define LIBSSH2_VERSION .*/#define LIBSSH2_VERSION "'$libversion'"/g' \
-e 's/^#define LIBSSH2_VERSION_NUM .*/#define LIBSSH2_VERSION_NUM 0x'$numeric'/g' \
-e 's/^#define LIBSSH2_VERSION_MAJOR .*/#define LIBSSH2_VERSION_MAJOR '$major'/g' \
-e 's/^#define LIBSSH2_VERSION_MINOR .*/#define LIBSSH2_VERSION_MINOR '$minor'/g' \
-e 's/^#define LIBSSH2_VERSION_PATCH .*/#define LIBSSH2_VERSION_PATCH '$patch'/g' \
-e "s/^#define LIBSSH2_TIMESTAMP .*/#define LIBSSH2_TIMESTAMP \"$datestamp\"/g" \
$HEADER >$HEADER.dist
$HEADER
echo "libssh2 version $libversion"
echo "libssh2 numerical $numeric"
echo "datestamp $datestamp"
if test -n "$only"; then
# done!
exit;
fi
findprog()
{
file="$1"

449
missing
View File

@@ -1,11 +1,10 @@
#! /bin/sh
# Common stub for a few missing GNU programs while installing.
# Common wrapper for a few potentially missing GNU programs.
scriptversion=2005-06-08.21
scriptversion=2013-10-28.13; # UTC
# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005
# Free Software Foundation, Inc.
# Originally by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
# Originally written by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -18,9 +17,7 @@ scriptversion=2005-06-08.21
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301, USA.
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
@@ -28,63 +25,40 @@ scriptversion=2005-06-08.21
# the same distribution terms that you use for the rest of that program.
if test $# -eq 0; then
echo 1>&2 "Try \`$0 --help' for more information"
echo 1>&2 "Try '$0 --help' for more information"
exit 1
fi
run=:
case $1 in
# In the cases where this matters, `missing' is being run in the
# srcdir already.
if test -f configure.ac; then
configure_ac=configure.ac
else
configure_ac=configure.in
fi
--is-lightweight)
# Used by our autoconf macros to check whether the available missing
# script is modern enough.
exit 0
;;
msg="missing on your system"
case "$1" in
--run)
# Try to run requested program, and just exit if it succeeds.
run=
shift
"$@" && exit 0
# Exit code 63 means version mismatch. This often happens
# when the user try to use an ancient version of a tool on
# a file that requires a minimum version. In this case we
# we should proceed has if the program had been absent, or
# if --run hadn't been passed.
if test $? = 63; then
run=:
msg="probably too old"
fi
;;
--run)
# Back-compat with the calling convention used by older automake.
shift
;;
-h|--h|--he|--hel|--help)
echo "\
$0 [OPTION]... PROGRAM [ARGUMENT]...
Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an
error status if there is no known handling for PROGRAM.
Run 'PROGRAM [ARGUMENT]...', returning a proper advice when this fails due
to PROGRAM being missing or too old.
Options:
-h, --help display this help and exit
-v, --version output version information and exit
--run try to run the given command, and emulate it if it fails
Supported PROGRAM values:
aclocal touch file \`aclocal.m4'
autoconf touch file \`configure'
autoheader touch file \`config.h.in'
automake touch all \`Makefile.in' files
bison create \`y.tab.[ch]', if possible, from existing .[ch]
flex create \`lex.yy.c', if possible, from existing .c
help2man touch the output file
lex create \`lex.yy.c', if possible, from existing .c
makeinfo touch the output file
tar try tar, gnutar, gtar, then tar without non-portable flags
yacc create \`y.tab.[ch]', if possible, from existing .[ch]
aclocal autoconf autoheader autom4te automake makeinfo
bison yacc flex lex help2man
Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and
'g' are ignored when checking the name.
Send bug reports to <bug-automake@gnu.org>."
exit $?
@@ -96,265 +70,146 @@ Send bug reports to <bug-automake@gnu.org>."
;;
-*)
echo 1>&2 "$0: Unknown \`$1' option"
echo 1>&2 "Try \`$0 --help' for more information"
echo 1>&2 "$0: unknown '$1' option"
echo 1>&2 "Try '$0 --help' for more information"
exit 1
;;
esac
# Now exit if we have it, but it failed. Also exit now if we
# don't have it and --version was passed (most likely to detect
# the program).
case "$1" in
lex|yacc)
# Not GNU programs, they don't have --version.
# Run the given program, remember its exit status.
"$@"; st=$?
# If it succeeded, we are done.
test $st -eq 0 && exit 0
# Also exit now if we it failed (or wasn't found), and '--version' was
# passed; such an option is passed most likely to detect whether the
# program is present and works.
case $2 in --version|--help) exit $st;; esac
# Exit code 63 means version mismatch. This often happens when the user
# tries to use an ancient version of a tool on a file that requires a
# minimum version.
if test $st -eq 63; then
msg="probably too old"
elif test $st -eq 127; then
# Program was missing.
msg="missing on your system"
else
# Program was found and executed, but failed. Give up.
exit $st
fi
perl_URL=http://www.perl.org/
flex_URL=http://flex.sourceforge.net/
gnu_software_URL=http://www.gnu.org/software
program_details ()
{
case $1 in
aclocal|automake)
echo "The '$1' program is part of the GNU Automake package:"
echo "<$gnu_software_URL/automake>"
echo "It also requires GNU Autoconf, GNU m4 and Perl in order to run:"
echo "<$gnu_software_URL/autoconf>"
echo "<$gnu_software_URL/m4/>"
echo "<$perl_URL>"
;;
autoconf|autom4te|autoheader)
echo "The '$1' program is part of the GNU Autoconf package:"
echo "<$gnu_software_URL/autoconf/>"
echo "It also requires GNU m4 and Perl in order to run:"
echo "<$gnu_software_URL/m4/>"
echo "<$perl_URL>"
;;
esac
}
give_advice ()
{
# Normalize program name to check for.
normalized_program=`echo "$1" | sed '
s/^gnu-//; t
s/^gnu//; t
s/^g//; t'`
printf '%s\n' "'$1' is $msg."
configure_deps="'configure.ac' or m4 files included by 'configure.ac'"
case $normalized_program in
autoconf*)
echo "You should only need it if you modified 'configure.ac',"
echo "or m4 files included by it."
program_details 'autoconf'
;;
autoheader*)
echo "You should only need it if you modified 'acconfig.h' or"
echo "$configure_deps."
program_details 'autoheader'
;;
automake*)
echo "You should only need it if you modified 'Makefile.am' or"
echo "$configure_deps."
program_details 'automake'
;;
aclocal*)
echo "You should only need it if you modified 'acinclude.m4' or"
echo "$configure_deps."
program_details 'aclocal'
;;
autom4te*)
echo "You might have modified some maintainer files that require"
echo "the 'autom4te' program to be rebuilt."
program_details 'autom4te'
;;
bison*|yacc*)
echo "You should only need it if you modified a '.y' file."
echo "You may want to install the GNU Bison package:"
echo "<$gnu_software_URL/bison/>"
;;
lex*|flex*)
echo "You should only need it if you modified a '.l' file."
echo "You may want to install the Fast Lexical Analyzer package:"
echo "<$flex_URL>"
;;
help2man*)
echo "You should only need it if you modified a dependency" \
"of a man page."
echo "You may want to install the GNU Help2man package:"
echo "<$gnu_software_URL/help2man/>"
;;
makeinfo*)
echo "You should only need it if you modified a '.texi' file, or"
echo "any other file indirectly affecting the aspect of the manual."
echo "You might want to install the Texinfo package:"
echo "<$gnu_software_URL/texinfo/>"
echo "The spurious makeinfo call might also be the consequence of"
echo "using a buggy 'make' (AIX, DU, IRIX), in which case you might"
echo "want to install GNU make:"
echo "<$gnu_software_URL/make/>"
;;
*)
echo "You might have modified some files without having the proper"
echo "tools for further handling them. Check the 'README' file, it"
echo "often tells you about the needed prerequisites for installing"
echo "this package. You may also peek at any GNU archive site, in"
echo "case some other package contains this missing '$1' program."
;;
esac
}
tar)
if test -n "$run"; then
echo 1>&2 "ERROR: \`tar' requires --run"
exit 1
elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
exit 1
fi
;;
give_advice "$1" | sed -e '1s/^/WARNING: /' \
-e '2,$s/^/ /' >&2
*)
if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
# We have it, but it failed.
exit 1
elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
# Could not run --version or --help. This is probably someone
# running `$TOOL --version' or `$TOOL --help' to check whether
# $TOOL exists and not knowing $TOOL uses missing.
exit 1
fi
;;
esac
# If it does not exist, or fails to run (possibly an outdated version),
# try to emulate it.
case "$1" in
aclocal*)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified \`acinclude.m4' or \`${configure_ac}'. You might want
to install the \`Automake' and \`Perl' packages. Grab them from
any GNU archive site."
touch aclocal.m4
;;
autoconf)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified \`${configure_ac}'. You might want to install the
\`Autoconf' and \`GNU m4' packages. Grab them from any GNU
archive site."
touch configure
;;
autoheader)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified \`acconfig.h' or \`${configure_ac}'. You might want
to install the \`Autoconf' and \`GNU m4' packages. Grab them
from any GNU archive site."
files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}`
test -z "$files" && files="config.h"
touch_files=
for f in $files; do
case "$f" in
*:*) touch_files="$touch_files "`echo "$f" |
sed -e 's/^[^:]*://' -e 's/:.*//'`;;
*) touch_files="$touch_files $f.in";;
esac
done
touch $touch_files
;;
automake*)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'.
You might want to install the \`Automake' and \`Perl' packages.
Grab them from any GNU archive site."
find . -type f -name Makefile.am -print |
sed 's/\.am$/.in/' |
while read f; do touch "$f"; done
;;
autom4te)
echo 1>&2 "\
WARNING: \`$1' is needed, but is $msg.
You might have modified some files without having the
proper tools for further handling them.
You can get \`$1' as part of \`Autoconf' from any GNU
archive site."
file=`echo "$*" | sed -n 's/.*--output[ =]*\([^ ]*\).*/\1/p'`
test -z "$file" && file=`echo "$*" | sed -n 's/.*-o[ ]*\([^ ]*\).*/\1/p'`
if test -f "$file"; then
touch $file
else
test -z "$file" || exec >$file
echo "#! /bin/sh"
echo "# Created by GNU Automake missing as a replacement of"
echo "# $ $@"
echo "exit 0"
chmod +x $file
exit 1
fi
;;
bison|yacc)
echo 1>&2 "\
WARNING: \`$1' $msg. You should only need it if
you modified a \`.y' file. You may need the \`Bison' package
in order for those modifications to take effect. You can get
\`Bison' from any GNU archive site."
rm -f y.tab.c y.tab.h
if [ $# -ne 1 ]; then
eval LASTARG="\${$#}"
case "$LASTARG" in
*.y)
SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'`
if [ -f "$SRCFILE" ]; then
cp "$SRCFILE" y.tab.c
fi
SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'`
if [ -f "$SRCFILE" ]; then
cp "$SRCFILE" y.tab.h
fi
;;
esac
fi
if [ ! -f y.tab.h ]; then
echo >y.tab.h
fi
if [ ! -f y.tab.c ]; then
echo 'main() { return 0; }' >y.tab.c
fi
;;
lex|flex)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified a \`.l' file. You may need the \`Flex' package
in order for those modifications to take effect. You can get
\`Flex' from any GNU archive site."
rm -f lex.yy.c
if [ $# -ne 1 ]; then
eval LASTARG="\${$#}"
case "$LASTARG" in
*.l)
SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'`
if [ -f "$SRCFILE" ]; then
cp "$SRCFILE" lex.yy.c
fi
;;
esac
fi
if [ ! -f lex.yy.c ]; then
echo 'main() { return 0; }' >lex.yy.c
fi
;;
help2man)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified a dependency of a manual page. You may need the
\`Help2man' package in order for those modifications to take
effect. You can get \`Help2man' from any GNU archive site."
file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'`
if test -z "$file"; then
file=`echo "$*" | sed -n 's/.*--output=\([^ ]*\).*/\1/p'`
fi
if [ -f "$file" ]; then
touch $file
else
test -z "$file" || exec >$file
echo ".ab help2man is required to generate this page"
exit 1
fi
;;
makeinfo)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified a \`.texi' or \`.texinfo' file, or any other file
indirectly affecting the aspect of the manual. The spurious
call might also be the consequence of using a buggy \`make' (AIX,
DU, IRIX). You might want to install the \`Texinfo' package or
the \`GNU make' package. Grab either from any GNU archive site."
# The file to touch is that specified with -o ...
file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'`
if test -z "$file"; then
# ... or it is the one specified with @setfilename ...
infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'`
file=`sed -n '/^@setfilename/ { s/.* \([^ ]*\) *$/\1/; p; q; }' $infile`
# ... or it is derived from the source name (dir/f.texi becomes f.info)
test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info
fi
# If the file does not exist, the user really needs makeinfo;
# let's fail without touching anything.
test -f $file || exit 1
touch $file
;;
tar)
shift
# We have already tried tar in the generic part.
# Look for gnutar/gtar before invocation to avoid ugly error
# messages.
if (gnutar --version > /dev/null 2>&1); then
gnutar "$@" && exit 0
fi
if (gtar --version > /dev/null 2>&1); then
gtar "$@" && exit 0
fi
firstarg="$1"
if shift; then
case "$firstarg" in
*o*)
firstarg=`echo "$firstarg" | sed s/o//`
tar "$firstarg" "$@" && exit 0
;;
esac
case "$firstarg" in
*h*)
firstarg=`echo "$firstarg" | sed s/h//`
tar "$firstarg" "$@" && exit 0
;;
esac
fi
echo 1>&2 "\
WARNING: I can't seem to be able to run \`tar' with the given arguments.
You may want to install GNU tar or Free paxutils, or check the
command line arguments."
exit 1
;;
*)
echo 1>&2 "\
WARNING: \`$1' is needed, and is $msg.
You might have modified some files without having the
proper tools for further handling them. Check the \`README' file,
it often tells you about the needed prerequisites for installing
this package. You may also peek at any GNU archive site, in case
some other package would contain this missing \`$1' program."
exit 1
;;
esac
exit 0
# Propagate the correct exit status (expected to be 127 for a program
# not found, 63 for a program that failed due to version mismatch).
exit $st
# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-end: "$"
# time-stamp-time-zone: "UTC"
# time-stamp-end: "; # UTC"
# End:

6
nw/GNUmakefile
View File

@@ -38,7 +38,7 @@ DEVLARC = $(DEVLDIR).zip
TARGET = libssh2
VERSION = $(LIBSSH2_VERSION)
CPRIGHT = Copyright (c) $(LIBSSH2_COPYRIGHT_STR)
WWWURL = http://www.libssh2.org/
WWWURL = https://www.libssh2.org/
DESCR = libssh2 $(LIBSSH2_VERSION_STR) ($(LIBARCH)) - $(WWWURL)
MTSAFE = YES
STACK = 64000
@@ -223,7 +223,7 @@ include ../Makefile.inc
OBJECTS := $(patsubst %.c,%.o,$(CSOURCES))
ifeq ($(LIBARCH),CLIB)
# CLIB lacks of snprint() function - here's a replacement:
# http://www.ijs.si/software/snprintf/
# https://www.ijs.si/software/snprintf/
OBJECTS += snprintf.o
vpath %.c $(SNPRINTF)
endif
@@ -388,7 +388,7 @@ libssh2_config.h: GNUmakefile
@echo $(DL)** All your changes will be lost!!$(DL) >> $@
@echo $(DL)*/$(DL) >> $@
@echo $(DL)#define VERSION "$(LIBSSH2_VERSION_STR)"$(DL) >> $@
@echo $(DL)#define PACKAGE_BUGREPORT "http://sourceforge.net/projects/libssh2"$(DL) >> $@
@echo $(DL)#define PACKAGE_BUGREPORT "https://github.com/libssh2/libssh2/issues"$(DL) >> $@
ifeq ($(LIBARCH),CLIB)
@echo $(DL)#define OS "i586-pc-clib-NetWare"$(DL) >> $@
@echo $(DL)#define NETDB_USE_INTERNET 1$(DL) >> $@

27
src/CMakeLists.txt
View File

@@ -48,7 +48,7 @@ set(CRYPTO_BACKEND
""
CACHE
STRING
"The backend to use for cryptography: OpenSSL, Libgcrypt or WinCNG,
"The backend to use for cryptography: OpenSSL, Libgcrypt or WinCNG, mbedTLS
or empty to try any available")
# If the crypto backend was given, rather than searching for the first
@@ -71,6 +71,11 @@ if(CRYPTO_BACKEND STREQUAL "OpenSSL" OR NOT CRYPTO_BACKEND)
list(APPEND PC_REQUIRES_PRIVATE libssl libcrypto)
if (WIN32)
# Statically linking to OpenSSL requires crypt32 for some Windows APIs.
# This should really be handled by FindOpenSSL.cmake.
list(APPEND LIBRARIES crypt32)
list(APPEND PC_LIBS -lcrypt32)
find_file(DLL_LIBEAY32
NAMES libeay32.dll crypto.dll
HINTS ${_OPENSSL_ROOT_HINTS} PATHS ${_OPENSSL_ROOT_PATHS}
@@ -146,6 +151,21 @@ if(CRYPTO_BACKEND STREQUAL "WinCNG" OR NOT CRYPTO_BACKEND)
endif()
endif()
if(CRYPTO_BACKEND STREQUAL "mbedTLS" OR NOT CRYPTO_BACKEND)
find_package(mbedTLS ${SPECIFIC_CRYPTO_REQUIREMENT})
if(MBEDTLS_FOUND)
set(CRYPTO_BACKEND "mbedTLS")
set(CRYPTO_SOURCES mbedtls.c mbedtls.h)
list(APPEND PRIVATE_COMPILE_DEFINITIONS LIBSSH2_MBEDTLS)
list(APPEND PRIVATE_INCLUDE_DIRECTORIES ${MBEDTLS_INCLUDE_DIR})
list(APPEND LIBRARIES ${MBEDTLS_LIBRARIES})
list(APPEND PC_LIBS -lmbedcrypto)
link_directories(${MBEDTLS_LIBRARY_DIR})
endif()
endif()
if(NOT CRYPTO_BACKEND)
message(FATAL_ERROR "No suitable cryptography backend found.")
endif()
@@ -204,6 +224,11 @@ target_include_directories(libssh2
## Options
option(CLEAR_MEMORY "Enable clearing of memory before being freed" ON)
if(CLEAR_MEMORY)
add_definitions(-DLIBSSH2_CLEAR_MEMORY)
endif(CLEAR_MEMORY)
add_feature_info("Shared library" BUILD_SHARED_LIBS
"creating libssh2 as a shared library (.so/.dll)")

3
src/Makefile.am
View File

@@ -14,6 +14,9 @@ endif
if OS400QC3
include ../Makefile.os400qc3.inc
endif
if MBEDTLS
include ../Makefile.mbedTLS.inc
endif
# Makefile.inc provides the CSOURCES and HHEADERS defines
include ../Makefile.inc

30
src/Makefile.in
View File

@@ -137,14 +137,15 @@ libssh2_la_LIBADD =
am__libssh2_la_SOURCES_DIST = channel.c comp.c crypt.c hostkey.c kex.c \
mac.c misc.c packet.c publickey.c scp.c session.c sftp.c \
userauth.c transport.c version.c knownhost.c agent.c \
libgcrypt.c openssl.c os400qc3.c wincng.c pem.c keepalive.c \
global.c libssh2_priv.h libgcrypt.h openssl.h os400qc3.h \
wincng.h transport.h channel.h comp.h mac.h misc.h packet.h \
userauth.h session.h sftp.h crypto.h
@LIBGCRYPT_FALSE@@OPENSSL_FALSE@@OS400QC3_FALSE@@WINCNG_TRUE@am__objects_1 = wincng.lo
@LIBGCRYPT_FALSE@@OPENSSL_FALSE@@OS400QC3_TRUE@am__objects_1 = \
@LIBGCRYPT_FALSE@@OPENSSL_FALSE@@OS400QC3_TRUE@ os400qc3.lo
@LIBGCRYPT_FALSE@@OPENSSL_TRUE@am__objects_1 = openssl.lo
libgcrypt.c mbedtls.c openssl.c os400qc3.c wincng.c pem.c \
keepalive.c global.c libssh2_priv.h libgcrypt.h mbedtls.h \
openssl.h os400qc3.h wincng.h transport.h channel.h comp.h \
mac.h misc.h packet.h userauth.h session.h sftp.h crypto.h
@LIBGCRYPT_FALSE@@MBEDTLS_FALSE@@OPENSSL_FALSE@@OS400QC3_FALSE@@WINCNG_TRUE@am__objects_1 = wincng.lo
@LIBGCRYPT_FALSE@@MBEDTLS_FALSE@@OPENSSL_FALSE@@OS400QC3_TRUE@am__objects_1 = os400qc3.lo
@LIBGCRYPT_FALSE@@MBEDTLS_FALSE@@OPENSSL_TRUE@am__objects_1 = \
@LIBGCRYPT_FALSE@@MBEDTLS_FALSE@@OPENSSL_TRUE@ openssl.lo
@LIBGCRYPT_FALSE@@MBEDTLS_TRUE@am__objects_1 = mbedtls.lo
@LIBGCRYPT_TRUE@am__objects_1 = libgcrypt.lo
am__objects_2 = channel.lo comp.lo crypt.lo hostkey.lo kex.lo mac.lo \
misc.lo packet.lo publickey.lo scp.lo session.lo sftp.lo \
@@ -225,6 +226,7 @@ CTAGS = ctags
am__DIST_COMMON = $(srcdir)/../Makefile.OpenSSL.inc \
$(srcdir)/../Makefile.WinCNG.inc $(srcdir)/../Makefile.inc \
$(srcdir)/../Makefile.libgcrypt.inc \
$(srcdir)/../Makefile.mbedTLS.inc \
$(srcdir)/../Makefile.os400qc3.inc $(srcdir)/Makefile.in \
$(srcdir)/libssh2_config.h.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
@@ -259,6 +261,7 @@ GREP = @GREP@
HAVE_LIBBCRYPT = @HAVE_LIBBCRYPT@
HAVE_LIBCRYPT32 = @HAVE_LIBCRYPT32@
HAVE_LIBGCRYPT = @HAVE_LIBGCRYPT@
HAVE_LIBMBEDTLS = @HAVE_LIBMBEDTLS@
HAVE_LIBSSL = @HAVE_LIBSSL@
HAVE_LIBZ = @HAVE_LIBZ@
INSTALL = @INSTALL@
@@ -274,6 +277,8 @@ LIBCRYPT32 = @LIBCRYPT32@
LIBCRYPT32_PREFIX = @LIBCRYPT32_PREFIX@
LIBGCRYPT = @LIBGCRYPT@
LIBGCRYPT_PREFIX = @LIBGCRYPT_PREFIX@
LIBMBEDTLS = @LIBMBEDTLS@
LIBMBEDTLS_PREFIX = @LIBMBEDTLS_PREFIX@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBSREQUIRED = @LIBSREQUIRED@
@@ -288,9 +293,11 @@ LN_S = @LN_S@
LTLIBBCRYPT = @LTLIBBCRYPT@
LTLIBCRYPT32 = @LTLIBCRYPT32@
LTLIBGCRYPT = @LTLIBGCRYPT@
LTLIBMBEDTLS = @LTLIBMBEDTLS@
LTLIBOBJS = @LTLIBOBJS@
LTLIBSSL = @LTLIBSSL@
LTLIBZ = @LTLIBZ@
LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
@@ -373,10 +380,12 @@ top_srcdir = @top_srcdir@
# $Id: Makefile.am,v 1.21 2009/05/07 17:21:56 bagder Exp $
AUTOMAKE_OPTIONS = foreign nostdinc
@LIBGCRYPT_TRUE@CRYPTO_CSOURCES = libgcrypt.c
@MBEDTLS_TRUE@CRYPTO_CSOURCES = mbedtls.c
@OPENSSL_TRUE@CRYPTO_CSOURCES = openssl.c
@OS400QC3_TRUE@CRYPTO_CSOURCES = os400qc3.c
@WINCNG_TRUE@CRYPTO_CSOURCES = wincng.c
@LIBGCRYPT_TRUE@CRYPTO_HHEADERS = libgcrypt.h
@MBEDTLS_TRUE@CRYPTO_HHEADERS = mbedtls.h
@OPENSSL_TRUE@CRYPTO_HHEADERS = openssl.h
@OS400QC3_TRUE@CRYPTO_HHEADERS = os400qc3.h
@WINCNG_TRUE@CRYPTO_HHEADERS = wincng.h
@@ -437,7 +446,7 @@ all: libssh2_config.h
.SUFFIXES:
.SUFFIXES: .c .lo .o .obj
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(srcdir)/../Makefile.OpenSSL.inc $(srcdir)/../Makefile.libgcrypt.inc $(srcdir)/../Makefile.WinCNG.inc $(srcdir)/../Makefile.os400qc3.inc $(srcdir)/../Makefile.inc $(am__configure_deps)
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(srcdir)/../Makefile.OpenSSL.inc $(srcdir)/../Makefile.libgcrypt.inc $(srcdir)/../Makefile.WinCNG.inc $(srcdir)/../Makefile.os400qc3.inc $(srcdir)/../Makefile.mbedTLS.inc $(srcdir)/../Makefile.inc $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
@@ -457,7 +466,7 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
esac;
$(srcdir)/../Makefile.OpenSSL.inc $(srcdir)/../Makefile.libgcrypt.inc $(srcdir)/../Makefile.WinCNG.inc $(srcdir)/../Makefile.os400qc3.inc $(srcdir)/../Makefile.inc $(am__empty):
$(srcdir)/../Makefile.OpenSSL.inc $(srcdir)/../Makefile.libgcrypt.inc $(srcdir)/../Makefile.WinCNG.inc $(srcdir)/../Makefile.os400qc3.inc $(srcdir)/../Makefile.mbedTLS.inc $(srcdir)/../Makefile.inc $(am__empty):
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
@@ -538,6 +547,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/knownhost.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libgcrypt.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mac.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mbedtls.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/misc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openssl.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/os400qc3.Plo@am__quote@

2
src/channel.c
View File

@@ -270,7 +270,7 @@ _libssh2_channel_open(LIBSSH2_SESSION * session, const char *channel_type,
switch (reason_code) {
case SSH_OPEN_ADMINISTRATIVELY_PROHIBITED:
_libssh2_error(session, LIBSSH2_ERROR_CHANNEL_FAILURE,
"Channel open failure (admininstratively prohibited)");
"Channel open failure (administratively prohibited)");
break;
case SSH_OPEN_CONNECT_FAILED:
_libssh2_error(session, LIBSSH2_ERROR_CHANNEL_FAILURE,

4
src/crypto.h
View File

@@ -54,6 +54,10 @@
#include "os400qc3.h"
#endif
#ifdef LIBSSH2_MBEDTLS
#include "mbedtls.h"
#endif
int _libssh2_rsa_new(libssh2_rsa_ctx ** rsa,
const unsigned char *edata,
unsigned long elen,

2
src/kex.c
View File

@@ -133,7 +133,7 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
memset(&exchange_state->req_state, 0, sizeof(packet_require_state_t));
/* Generate x and e */
_libssh2_bn_rand(exchange_state->x, group_order, 0, -1);
_libssh2_bn_rand(exchange_state->x, group_order * 8 - 1, 0, -1);
_libssh2_bn_mod_exp(exchange_state->e, g, exchange_state->x, p,
exchange_state->ctx);

3
src/libgcrypt.c
View File

@@ -409,6 +409,9 @@ _libssh2_rsa_sha1_sign(LIBSSH2_SESSION * session,
}
*signature = LIBSSH2_ALLOC(session, size);
if (!*signature) {
return -1;
}
memcpy(*signature, tmp, size);
*signature_len = size;

9
src/libssh2_config.h.in
View File

@@ -64,6 +64,9 @@
/* Define if you have the gcrypt library. */
#undef HAVE_LIBGCRYPT
/* Define if you have the mbedtls library. */
#undef HAVE_LIBMBEDTLS
/* Define if you have the ssl library. */
#undef HAVE_LIBSSL
@@ -172,14 +175,16 @@
/* Enable "none" MAC -- NOT RECOMMENDED */
#undef LIBSSH2_MAC_NONE
/* Use mbedtls */
#undef LIBSSH2_MBEDTLS
/* Use OpenSSL */
#undef LIBSSH2_OPENSSL
/* Use Windows CNG */
#undef LIBSSH2_WINCNG
/* Define to the sub-directory in which libtool stores uninstalled libraries.
*/
/* Define to the sub-directory where libtool stores uninstalled libraries. */
#undef LT_OBJDIR
/* Define to 1 if _REENTRANT preprocessor symbol must be defined. */

4
src/libssh2_priv.h
View File

@@ -65,8 +65,8 @@
consistent names of these fields. While arguable the best would to
change libssh2.h to use other names, that would break backwards
compatibility. For more information, see:
http://www.mail-archive.com/libssh2-devel%40lists.sourceforge.net/msg00003.html
http://www.mail-archive.com/libssh2-devel%40lists.sourceforge.net/msg00224.html
https://www.mail-archive.com/libssh2-devel%40lists.sourceforge.net/msg00003.html
https://www.mail-archive.com/libssh2-devel%40lists.sourceforge.net/msg00224.html
*/
#ifdef HAVE_POLL
# include <sys/poll.h>

606
src/mbedtls.c Normal file
View File

@@ -0,0 +1,606 @@
#include "libssh2_priv.h"
#ifdef LIBSSH2_MBEDTLS /* compile only if we build with mbedtls */
/*******************************************************************/
/*
* mbedTLS backend: Generic functions
*/
void
_libssh2_mbedtls_init(void)
{
int ret;
mbedtls_entropy_init(&_libssh2_mbedtls_entropy);
mbedtls_ctr_drbg_init(&_libssh2_mbedtls_ctr_drbg);
ret = mbedtls_ctr_drbg_seed(&_libssh2_mbedtls_ctr_drbg,
mbedtls_entropy_func,
&_libssh2_mbedtls_entropy, NULL, 0);
if (ret != 0)
mbedtls_ctr_drbg_free(&_libssh2_mbedtls_ctr_drbg);
}
void
_libssh2_mbedtls_free(void)
{
mbedtls_ctr_drbg_free(&_libssh2_mbedtls_ctr_drbg);
mbedtls_entropy_free(&_libssh2_mbedtls_entropy);
}
int
_libssh2_mbedtls_random(unsigned char *buf, int len)
{
int ret;
ret = mbedtls_ctr_drbg_random(&_libssh2_mbedtls_ctr_drbg, buf, len);
return ret == 0 ? 0 : -1;
}
static void
_libssh2_mbedtls_safe_free(void *buf, int len)
{
#ifndef LIBSSH2_CLEAR_MEMORY
(void)len;
#endif
if (!buf)
return;
#ifdef LIBSSH2_CLEAR_MEMORY
if (len > 0)
memset(buf, 0, len);
#endif
mbedtls_free(buf);
}
int
_libssh2_mbedtls_cipher_init(_libssh2_cipher_ctx *ctx,
_libssh2_cipher_type(algo),
unsigned char *iv,
unsigned char *secret,
int encrypt)
{
const mbedtls_cipher_info_t *cipher_info;
int ret, op;
if (!ctx)
return -1;
op = encrypt == 0 ? MBEDTLS_ENCRYPT : MBEDTLS_DECRYPT;
cipher_info = mbedtls_cipher_info_from_type(algo);
if(!cipher_info)
return -1;
mbedtls_cipher_init(ctx);
ret = mbedtls_cipher_setup(ctx, cipher_info);
if(!ret)
ret = mbedtls_cipher_setkey(ctx, secret, cipher_info->key_bitlen, op);
if(!ret)
ret = mbedtls_cipher_set_iv(ctx, iv, cipher_info->iv_size);
return ret == 0 ? 0 : -1;
}
int
_libssh2_mbedtls_cipher_crypt(_libssh2_cipher_ctx *ctx,
_libssh2_cipher_type(algo),
int encrypt,
unsigned char *block,
size_t blocklen)
{
int ret;
unsigned char *output;
size_t osize, olen, finish_olen;
(void) encrypt;
(void) algo;
osize = blocklen+mbedtls_cipher_get_block_size(ctx);
output = (unsigned char *)mbedtls_calloc(osize, sizeof(char));
if(output)
{
ret = mbedtls_cipher_reset(ctx);
if(!ret)
ret = mbedtls_cipher_update(ctx, block, blocklen, output, &olen);
if(!ret)
ret = mbedtls_cipher_finish(ctx, output + olen, &finish_olen);
if (!ret) {
olen += finish_olen;
memcpy(block, output, olen);
}
_libssh2_mbedtls_safe_free(output, osize);
}
else
ret = -1;
return ret == 0 ? 0 : -1;
}
void
_libssh2_mbedtls_cipher_dtor(_libssh2_cipher_ctx *ctx)
{
mbedtls_cipher_free(ctx);
}
int
_libssh2_mbedtls_hash_init(mbedtls_md_context_t *ctx,
mbedtls_md_type_t mdtype,
const unsigned char *key, unsigned long keylen)
{
const mbedtls_md_info_t *md_info;
int ret, hmac;
md_info = mbedtls_md_info_from_type(mdtype);
if(!md_info)
return 0;
hmac = key == NULL ? 0 : 1;
mbedtls_md_init(ctx);
ret = mbedtls_md_setup(ctx, md_info, hmac);
if (!ret){
if (hmac)
ret = mbedtls_md_hmac_starts(ctx, key, keylen);
else
ret = mbedtls_md_starts(ctx);
}
return ret == 0 ? 1 : 0;
}
int
_libssh2_mbedtls_hash_final(mbedtls_md_context_t *ctx, unsigned char *hash)
{
int ret;
ret = mbedtls_md_finish(ctx, hash);
mbedtls_md_free(ctx);
return ret == 0 ? 0 : -1;
}
int
_libssh2_mbedtls_hash(const unsigned char *data, unsigned long datalen,
mbedtls_md_type_t mdtype, unsigned char *hash)
{
const mbedtls_md_info_t *md_info;
int ret;
md_info = mbedtls_md_info_from_type(mdtype);
if(!md_info)
return 0;
ret = mbedtls_md(md_info, data, datalen, hash);
return ret == 0 ? 0 : -1;
}
/*******************************************************************/
/*
* mbedTLS backend: BigNumber functions
*/
_libssh2_bn *
_libssh2_mbedtls_bignum_init(void)
{
_libssh2_bn *bignum;
bignum = (_libssh2_bn *)mbedtls_calloc(1, sizeof(_libssh2_bn));
if (bignum) {
mbedtls_mpi_init(bignum);
}
return bignum;
}
int
_libssh2_mbedtls_bignum_random(_libssh2_bn *bn, int bits, int top, int bottom)
{
size_t len;
int err;
int i;
if (!bn || bits <= 0)
return -1;
len = (bits + 7) >> 3;
err = mbedtls_mpi_fill_random(bn, len, mbedtls_ctr_drbg_random, &_libssh2_mbedtls_ctr_drbg);
if (err)
return -1;
/* Zero unsued bits above the most significant bit*/
for(i=len*8-1;bits<=i;--i) {
err = mbedtls_mpi_set_bit(bn, i, 0);
if (err)
return -1;
}
/* If `top` is -1, the most significant bit of the random number can be zero.
If top is 0, the most significant bit of the random number is set to 1,
and if top is 1, the two most significant bits of the number will be set
to 1, so that the product of two such random numbers will always have 2*bits length.
*/
for(i=0;i<=top;++i) {
err = mbedtls_mpi_set_bit(bn, bits-i-1, 1);
if (err)
return -1;
}
/* make odd by setting first bit in least significant byte */
if (bottom) {
err = mbedtls_mpi_set_bit(bn, 0, 1);
if (err)
return -1;
}
return 0;
}
/*******************************************************************/
/*
* mbedTLS backend: RSA functions
*/
int
_libssh2_mbedtls_rsa_new(libssh2_rsa_ctx **rsa,
const unsigned char *edata,
unsigned long elen,
const unsigned char *ndata,
unsigned long nlen,
const unsigned char *ddata,
unsigned long dlen,
const unsigned char *pdata,
unsigned long plen,
const unsigned char *qdata,
unsigned long qlen,
const unsigned char *e1data,
unsigned long e1len,
const unsigned char *e2data,
unsigned long e2len,
const unsigned char *coeffdata,
unsigned long coefflen)
{
int ret;
libssh2_rsa_ctx *ctx;
ctx = (libssh2_rsa_ctx *) mbedtls_calloc(1, sizeof(libssh2_rsa_ctx));
if (ctx != NULL) {
mbedtls_rsa_init(ctx, MBEDTLS_RSA_PKCS_V15, 0);
}
else
return -1;
if( (ret = mbedtls_mpi_read_binary(&(ctx->E), edata, elen) ) != 0 ||
(ret = mbedtls_mpi_read_binary(&(ctx->N), ndata, nlen) ) != 0 )
{
ret = -1;
}
if (!ret)
{
ctx->len = mbedtls_mpi_size(&(ctx->N));
}
if (!ret && ddata)
{
if( (ret = mbedtls_mpi_read_binary(&(ctx->D) , ddata, dlen) ) != 0 ||
(ret = mbedtls_mpi_read_binary(&(ctx->P) , pdata, plen) ) != 0 ||
(ret = mbedtls_mpi_read_binary(&(ctx->Q) , qdata, qlen) ) != 0 ||
(ret = mbedtls_mpi_read_binary(&(ctx->DP), e1data, e1len) ) != 0 ||
(ret = mbedtls_mpi_read_binary(&(ctx->DQ), e2data, e2len) ) != 0 ||
(ret = mbedtls_mpi_read_binary(&(ctx->QP), coeffdata, coefflen) ) != 0 )
{
ret = -1;
}
ret = mbedtls_rsa_check_privkey(ctx);
}
else if (!ret)
{
ret = mbedtls_rsa_check_pubkey(ctx);
}
if (ret && ctx) {
_libssh2_mbedtls_rsa_free(ctx);
ctx = NULL;
}
*rsa = ctx;
return ret;
}
int
_libssh2_mbedtls_rsa_new_private(libssh2_rsa_ctx **rsa,
LIBSSH2_SESSION *session,
const char *filename,
const unsigned char *passphrase)
{
int ret;
mbedtls_pk_context pkey;
*rsa = (libssh2_rsa_ctx *) LIBSSH2_ALLOC(session, sizeof(libssh2_rsa_ctx));
if (*rsa == NULL)
return -1;
mbedtls_rsa_init(*rsa, MBEDTLS_RSA_PKCS_V15, 0);
mbedtls_pk_init(&pkey);
ret = mbedtls_pk_parse_keyfile(&pkey, filename, (char *)passphrase);
if( ret != 0 || mbedtls_pk_get_type(&pkey) != MBEDTLS_PK_RSA)
{
mbedtls_pk_free(&pkey);
mbedtls_rsa_free(*rsa);
LIBSSH2_FREE(session, *rsa);
*rsa = NULL;
return -1;
}
mbedtls_rsa_context *pk_rsa = mbedtls_pk_rsa(pkey);
mbedtls_rsa_copy(*rsa, pk_rsa);
mbedtls_pk_free(&pkey);
return 0;
}
int
_libssh2_mbedtls_rsa_new_private_frommemory(libssh2_rsa_ctx **rsa,
LIBSSH2_SESSION *session,
const char *filedata,
size_t filedata_len,
unsigned const char *passphrase)
{
int ret;
mbedtls_pk_context pkey;
*rsa = (libssh2_rsa_ctx *) mbedtls_calloc( 1, sizeof( libssh2_rsa_ctx ) );
if (*rsa == NULL)
return -1;
mbedtls_pk_init(&pkey);
ret = mbedtls_pk_parse_key(&pkey, (unsigned char *)filedata,
filedata_len, NULL, 0);
if( ret != 0 || mbedtls_pk_get_type(&pkey) != MBEDTLS_PK_RSA)
{
mbedtls_pk_free(&pkey);
mbedtls_rsa_free(*rsa);
LIBSSH2_FREE(session, *rsa);
*rsa = NULL;
return -1;
}
mbedtls_rsa_context *pk_rsa = mbedtls_pk_rsa(pkey);
mbedtls_rsa_copy(*rsa, pk_rsa);
mbedtls_pk_free(&pkey);
return 0;
}
int
_libssh2_mbedtls_rsa_sha1_verify(libssh2_rsa_ctx *rsa,
const unsigned char *sig,
unsigned long sig_len,
const unsigned char *m,
unsigned long m_len)
{
unsigned char hash[SHA_DIGEST_LENGTH];
int ret;
ret = _libssh2_mbedtls_hash(m, m_len, MBEDTLS_MD_SHA1, hash);
if(ret)
return -1; /* failure */
ret = mbedtls_rsa_pkcs1_verify(rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC,
MBEDTLS_MD_SHA1, SHA_DIGEST_LENGTH, hash, sig);
return (ret == 0) ? 0 : -1;
}
int
_libssh2_mbedtls_rsa_sha1_sign(LIBSSH2_SESSION *session,
libssh2_rsa_ctx *rsa,
const unsigned char *hash,
size_t hash_len,
unsigned char **signature,
size_t *signature_len)
{
int ret;
unsigned char *sig;
unsigned int sig_len;
(void)hash_len;
sig_len = rsa->len;
sig = LIBSSH2_ALLOC(session, sig_len);
if (!sig) {
return -1;
}
ret = mbedtls_rsa_pkcs1_sign(rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE,
MBEDTLS_MD_SHA1, SHA_DIGEST_LENGTH,
hash, sig);
if (ret) {
LIBSSH2_FREE(session, sig);
return -1;
}
*signature = sig;
*signature_len = sig_len;
return (ret == 0) ? 0 : -1;
}
void
_libssh2_mbedtls_rsa_free(libssh2_rsa_ctx *ctx)
{
mbedtls_rsa_free(ctx);
mbedtls_free(ctx);
}
static unsigned char *
gen_publickey_from_rsa(LIBSSH2_SESSION *session,
mbedtls_rsa_context *rsa,
size_t *keylen)
{
int e_bytes, n_bytes;
unsigned long len;
unsigned char* key;
unsigned char* p;
e_bytes = mbedtls_mpi_size(&rsa->E);
n_bytes = mbedtls_mpi_size(&rsa->N);
/* Key form is "ssh-rsa" + e + n. */
len = 4 + 7 + 4 + e_bytes + 4 + n_bytes;
key = LIBSSH2_ALLOC(session, len);
if (!key) {
return NULL;
}
/* Process key encoding. */
p = key;
_libssh2_htonu32(p, 7); /* Key type. */
p += 4;
memcpy(p, "ssh-rsa", 7);
p += 7;
_libssh2_htonu32(p, e_bytes);
p += 4;
mbedtls_mpi_write_binary(&rsa->E, p, e_bytes);
_libssh2_htonu32(p, n_bytes);
p += 4;
mbedtls_mpi_write_binary(&rsa->N, p, n_bytes);
*keylen = (size_t)(p - key);
return key;
}
static int
_libssh2_mbedtls_pub_priv_key(LIBSSH2_SESSION *session,
unsigned char **method,
size_t *method_len,
unsigned char **pubkeydata,
size_t *pubkeydata_len,
mbedtls_pk_context *pkey)
{
unsigned char *key = NULL, *mth = NULL;
size_t keylen = 0, mthlen = 0;
int ret;
if( mbedtls_pk_get_type(pkey) != MBEDTLS_PK_RSA )
{
mbedtls_pk_free(pkey);
return _libssh2_error(session, LIBSSH2_ERROR_FILE,
"Key type not supported");
}
// write method
mthlen = 7;
mth = LIBSSH2_ALLOC(session, mthlen);
if (mth) {
memcpy(mth, "ssh-rsa", mthlen);
} else {
ret = -1;
}
mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pkey);
key = gen_publickey_from_rsa(session, rsa, &keylen);
if (key == NULL) {
ret = -1;
}
// write output
if (ret) {
if (mth)
LIBSSH2_FREE(session, mth);
if (key)
LIBSSH2_FREE(session, key);
} else {
*method = mth;
*method_len = mthlen;
*pubkeydata = key;
*pubkeydata_len = keylen;
}
return ret;
}
int
_libssh2_mbedtls_pub_priv_keyfile(LIBSSH2_SESSION *session,
unsigned char **method,
size_t *method_len,
unsigned char **pubkeydata,
size_t *pubkeydata_len,
const char *privatekey,
const char *passphrase)
{
mbedtls_pk_context pkey;
char buf[1024];
int ret;
mbedtls_pk_init(&pkey);
ret = mbedtls_pk_parse_keyfile(&pkey, privatekey, passphrase);
if( ret != 0 )
{
mbedtls_strerror(ret, (char *)buf, sizeof(buf));
mbedtls_pk_free(&pkey);
return _libssh2_error(session, LIBSSH2_ERROR_FILE, buf);
}
ret = _libssh2_mbedtls_pub_priv_key(session, method, method_len,
pubkeydata, pubkeydata_len, &pkey);
mbedtls_pk_free(&pkey);
return ret;
}
int
_libssh2_mbedtls_pub_priv_keyfilememory(LIBSSH2_SESSION *session,
unsigned char **method,
size_t *method_len,
unsigned char **pubkeydata,
size_t *pubkeydata_len,
const char *privatekeydata,
size_t privatekeydata_len,
const char *passphrase)
{
mbedtls_pk_context pkey;
char buf[1024];
int ret;
mbedtls_pk_init(&pkey);
ret = mbedtls_pk_parse_key(&pkey, (unsigned char *)privatekeydata,
privatekeydata_len, NULL, 0);
if( ret != 0 )
{
mbedtls_strerror(ret, (char *)buf, sizeof(buf));
mbedtls_pk_free(&pkey);
return _libssh2_error(session, LIBSSH2_ERROR_FILE, buf);
}
ret = _libssh2_mbedtls_pub_priv_key(session, method, method_len,
pubkeydata, pubkeydata_len, &pkey);
mbedtls_pk_free(&pkey);
return ret;
}
void _libssh2_init_aes_ctr(void)
{
/* no implementation */
}
#endif /* LIBSSH2_MBEDTLS */

371
src/mbedtls.h Normal file
View File

@@ -0,0 +1,371 @@
#include <stdlib.h>
#include <string.h>
#include <mbedtls/platform.h>
#include <mbedtls/md.h>
#include <mbedtls/rsa.h>
#include <mbedtls/bignum.h>
#include <mbedtls/cipher.h>
#include <mbedtls/entropy.h>
#include <mbedtls/ctr_drbg.h>
#include <mbedtls/pk.h>
#include <mbedtls/error.h>
/* Define which features are supported. */
#define LIBSSH2_MD5 1
#define LIBSSH2_HMAC_RIPEMD 1
#define LIBSSH2_HMAC_SHA256 1
#define LIBSSH2_HMAC_SHA512 1
#define LIBSSH2_AES 1
#define LIBSSH2_AES_CTR 1
#define LIBSSH2_BLOWFISH 1
#define LIBSSH2_RC4 1
#define LIBSSH2_CAST 0
#define LIBSSH2_3DES 1
#define LIBSSH2_RSA 1
#define LIBSSH2_DSA 0
#define MD5_DIGEST_LENGTH 16
#define SHA_DIGEST_LENGTH 20
#define SHA256_DIGEST_LENGTH 32
#define SHA512_DIGEST_LENGTH 64
/*******************************************************************/
/*
* mbedTLS backend: Global context handles
*/
mbedtls_entropy_context _libssh2_mbedtls_entropy;
mbedtls_ctr_drbg_context _libssh2_mbedtls_ctr_drbg;
/*******************************************************************/
/*
* mbedTLS backend: Generic functions
*/
#define libssh2_crypto_init() \
_libssh2_mbedtls_init()
#define libssh2_crypto_exit() \
_libssh2_mbedtls_free()
#define _libssh2_random(buf, len) \
_libssh2_mbedtls_random(buf, len)
#define libssh2_prepare_iovec(vec, len) /* Empty. */
/*******************************************************************/
/*
* mbedTLS backend: HMAC functions
*/
#define libssh2_hmac_ctx mbedtls_md_context_t
#define libssh2_hmac_ctx_init(ctx)
#define libssh2_hmac_cleanup(pctx) \
mbedtls_md_free(pctx)
#define libssh2_hmac_update(ctx, data, datalen) \
mbedtls_md_hmac_update(&ctx, (unsigned char *) data, datalen)
#define libssh2_hmac_final(ctx, hash) \
mbedtls_md_hmac_finish(&ctx, hash)
#define libssh2_hmac_sha1_init(pctx, key, keylen) \
_libssh2_mbedtls_hash_init(pctx, MBEDTLS_MD_SHA1, key, keylen)
#define libssh2_hmac_md5_init(pctx, key, keylen) \
_libssh2_mbedtls_hash_init(pctx, MBEDTLS_MD_MD5, key, keylen)
#define libssh2_hmac_ripemd160_init(pctx, key, keylen) \
_libssh2_mbedtls_hash_init(pctx, MBEDTLS_MD_RIPEMD160, key, keylen)
#define libssh2_hmac_sha256_init(pctx, key, keylen) \
_libssh2_mbedtls_hash_init(pctx, MBEDTLS_MD_SHA256, key, keylen)
#define libssh2_hmac_sha512_init(pctx, key, keylen) \
_libssh2_mbedtls_hash_init(pctx, MBEDTLS_MD_SHA512, key, keylen)
/*******************************************************************/
/*
* mbedTLS backend: SHA1 functions
*/
#define libssh2_sha1_ctx mbedtls_md_context_t
#define libssh2_sha1_init(pctx) \
_libssh2_mbedtls_hash_init(pctx, MBEDTLS_MD_SHA1, NULL, 0)
#define libssh2_sha1_update(ctx, data, datalen) \
mbedtls_md_update(&ctx, (unsigned char *) data, datalen)
#define libssh2_sha1_final(ctx, hash) \
_libssh2_mbedtls_hash_final(&ctx, hash)
#define libssh2_sha1(data, datalen, hash) \
_libssh2_mbedtls_hash(data, datalen, MBEDTLS_MD_SHA1, hash)
/*******************************************************************/
/*
* mbedTLS backend: SHA256 functions
*/
#define libssh2_sha256_ctx mbedtls_md_context_t
#define libssh2_sha256_init(pctx) \
_libssh2_mbedtls_hash_init(pctx, MBEDTLS_MD_SHA256, NULL, 0)
#define libssh2_sha256_update(ctx, data, datalen) \
mbedtls_md_update(&ctx, (unsigned char *) data, datalen)
#define libssh2_sha256_final(ctx, hash) \
_libssh2_mbedtls_hash_final(&ctx, hash)
#define libssh2_sha256(data, datalen, hash) \
_libssh2_mbedtls_hash(data, datalen, MBEDTLS_MD_SHA256, hash)
/*******************************************************************/
/*
* mbedTLS backend: SHA512 functions
*/
#define libssh2_sha512_ctx mbedtls_md_context_t
#define libssh2_sha512_init(pctx) \
_libssh2_mbedtls_hash_init(pctx, MBEDTLS_MD_SHA512, NULL, 0)
#define libssh2_sha512_update(ctx, data, datalen) \
mbedtls_md_update(&ctx, (unsigned char *) data, datalen)
#define libssh2_sha512_final(ctx, hash) \
_libssh2_mbedtls_hash_final(&ctx, hash)
#define libssh2_sha512(data, datalen, hash) \
_libssh2_mbedtls_hash(data, datalen, MBEDTLS_MD_SHA512, hash)
/*******************************************************************/
/*
* mbedTLS backend: MD5 functions
*/
#define libssh2_md5_ctx mbedtls_md_context_t
#define libssh2_md5_init(pctx) \
_libssh2_mbedtls_hash_init(pctx, MBEDTLS_MD_MD5, NULL, 0)
#define libssh2_md5_update(ctx, data, datalen) \
mbedtls_md_update(&ctx, (unsigned char *) data, datalen)
#define libssh2_md5_final(ctx, hash) \
_libssh2_mbedtls_hash_final(&ctx, hash)
#define libssh2_md5(data, datalen, hash) \
_libssh2_mbedtls_hash(data, datalen, MBEDTLS_MD_MD5, hash)
/*******************************************************************/
/*
* mbedTLS backend: RSA structure
*/
#define libssh2_rsa_ctx mbedtls_rsa_context
#define _libssh2_rsa_new(rsactx, e, e_len, n, n_len, \
d, d_len, p, p_len, q, q_len, \
e1, e1_len, e2, e2_len, c, c_len) \
_libssh2_mbedtls_rsa_new(rsactx, e, e_len, n, n_len, \
d, d_len, p, p_len, q, q_len, \
e1, e1_len, e2, e2_len, c, c_len)
#define _libssh2_rsa_new_private(rsactx, s, filename, passphrase) \
_libssh2_mbedtls_rsa_new_private(rsactx, s, filename, passphrase)
#define _libssh2_rsa_new_private_frommemory(rsactx, s, filedata, \
filedata_len, passphrase) \
_libssh2_mbedtls_rsa_new_private_frommemory(rsactx, s, filedata, \
filedata_len, passphrase)
#define _libssh2_rsa_sha1_sign(s, rsactx, hash, hash_len, sig, sig_len) \
_libssh2_mbedtls_rsa_sha1_sign(s, rsactx, hash, hash_len, sig, sig_len)
#define _libssh2_rsa_sha1_verify(rsactx, sig, sig_len, m, m_len) \
_libssh2_mbedtls_rsa_sha1_verify(rsactx, sig, sig_len, m, m_len)
#define _libssh2_rsa_free(rsactx) \
_libssh2_mbedtls_rsa_free(rsactx)
/*
* mbedTLS backend: Key functions
*/
#define _libssh2_pub_priv_keyfile(s, m, m_len, p, p_len, pk, pw) \
_libssh2_mbedtls_pub_priv_keyfile(s, m, m_len, p, p_len, pk, pw)
#define _libssh2_pub_priv_keyfilememory(s, m, m_len, p, p_len, \
pk, pk_len, pw) \
_libssh2_mbedtls_pub_priv_keyfilememory(s, m, m_len, p, p_len, \
pk, pk_len, pw)
/*******************************************************************/
/*
* mbedTLS backend: Cipher Context structure
*/
#define _libssh2_cipher_ctx mbedtls_cipher_context_t
#define _libssh2_cipher_type(algo) mbedtls_cipher_type_t algo
#define _libssh2_cipher_aes256ctr MBEDTLS_CIPHER_AES_256_CTR
#define _libssh2_cipher_aes192ctr MBEDTLS_CIPHER_AES_192_CTR
#define _libssh2_cipher_aes128ctr MBEDTLS_CIPHER_AES_128_CTR
#define _libssh2_cipher_aes256 MBEDTLS_CIPHER_AES_256_CBC
#define _libssh2_cipher_aes192 MBEDTLS_CIPHER_AES_192_CBC
#define _libssh2_cipher_aes128 MBEDTLS_CIPHER_AES_128_CBC
#define _libssh2_cipher_blowfish MBEDTLS_CIPHER_BLOWFISH_CBC
#define _libssh2_cipher_arcfour MBEDTLS_CIPHER_ARC4_128
#define _libssh2_cipher_cast5 MBEDTLS_CIPHER_NULL
#define _libssh2_cipher_3des MBEDTLS_CIPHER_DES_EDE3_CBC
/*
* mbedTLS backend: Cipher functions
*/
#define _libssh2_cipher_init(ctx, type, iv, secret, encrypt) \
_libssh2_mbedtls_cipher_init(ctx, type, iv, secret, encrypt)
#define _libssh2_cipher_crypt(ctx, type, encrypt, block, blocklen) \
_libssh2_mbedtls_cipher_crypt(ctx, type, encrypt, block, blocklen)
#define _libssh2_cipher_dtor(ctx) \
_libssh2_mbedtls_cipher_dtor(ctx)
/*******************************************************************/
/*
* mbedTLS backend: BigNumber Support
*/
#define _libssh2_bn_ctx int /* not used */
#define _libssh2_bn_ctx_new() 0 /* not used */
#define _libssh2_bn_ctx_free(bnctx) ((void)0) /* not used */
#define _libssh2_bn mbedtls_mpi
#define _libssh2_bn_init() \
_libssh2_mbedtls_bignum_init()
#define _libssh2_bn_init_from_bin() \
_libssh2_mbedtls_bignum_init()
#define _libssh2_bn_rand(bn, bits, top, bottom) \
_libssh2_mbedtls_bignum_random(bn, bits, top, bottom)
#define _libssh2_bn_mod_exp(r, a, p, m, ctx) \
mbedtls_mpi_exp_mod(r, a, p, m, NULL)
#define _libssh2_bn_set_word(bn, word) \
mbedtls_mpi_lset(bn, word)
#define _libssh2_bn_from_bin(bn, len, bin) \
mbedtls_mpi_read_binary(bn, bin, len)
#define _libssh2_bn_to_bin(bn, bin) \
mbedtls_mpi_write_binary(bn, bin, mbedtls_mpi_size(bn))
#define _libssh2_bn_bytes(bn) \
mbedtls_mpi_size(bn)
#define _libssh2_bn_bits(bn) \
mbedtls_mpi_bitlen(bn)
#define _libssh2_bn_free(bn) \
mbedtls_mpi_free(bn)
/*******************************************************************/
/*
* mbedTLS backend: forward declarations
*/
void
_libssh2_mbedtls_init(void);
void
_libssh2_mbedtls_free(void);
int
_libssh2_mbedtls_random(unsigned char *buf, int len);
int
_libssh2_mbedtls_cipher_init(_libssh2_cipher_ctx *ctx,
_libssh2_cipher_type(type),
unsigned char *iv,
unsigned char *secret,
int encrypt);
int
_libssh2_mbedtls_cipher_crypt(_libssh2_cipher_ctx *ctx,
_libssh2_cipher_type(type),
int encrypt,
unsigned char *block,
size_t blocklen);
void
_libssh2_mbedtls_cipher_dtor(_libssh2_cipher_ctx *ctx);
int
_libssh2_mbedtls_hash_init(mbedtls_md_context_t *ctx,
mbedtls_md_type_t mdtype,
const unsigned char *key, unsigned long keylen);
int
_libssh2_mbedtls_hash_final(mbedtls_md_context_t *ctx, unsigned char *hash);
int
_libssh2_mbedtls_hash(const unsigned char *data, unsigned long datalen,
mbedtls_md_type_t mdtype, unsigned char *hash);
_libssh2_bn *
_libssh2_mbedtls_bignum_init(void);
void
_libssh2_mbedtls_bignum_free(_libssh2_bn *bn);
int
_libssh2_mbedtls_bignum_random(_libssh2_bn *bn, int bits, int top, int bottom);
int
_libssh2_mbedtls_rsa_new(libssh2_rsa_ctx **rsa,
const unsigned char *edata,
unsigned long elen,
const unsigned char *ndata,
unsigned long nlen,
const unsigned char *ddata,
unsigned long dlen,
const unsigned char *pdata,
unsigned long plen,
const unsigned char *qdata,
unsigned long qlen,
const unsigned char *e1data,
unsigned long e1len,
const unsigned char *e2data,
unsigned long e2len,
const unsigned char *coeffdata,
unsigned long coefflen);
int
_libssh2_mbedtls_rsa_new_private(libssh2_rsa_ctx **rsa,
LIBSSH2_SESSION *session,
const char *filename,
const unsigned char *passphrase);
int
_libssh2_mbedtls_rsa_new_private_frommemory(libssh2_rsa_ctx **rsa,
LIBSSH2_SESSION *session,
const char *filedata,
size_t filedata_len,
unsigned const char *passphrase);
int
_libssh2_mbedtls_rsa_sha1_verify(libssh2_rsa_ctx *rsa,
const unsigned char *sig,
unsigned long sig_len,
const unsigned char *m,
unsigned long m_len);
int
_libssh2_mbedtls_rsa_sha1_sign(LIBSSH2_SESSION *session,
libssh2_rsa_ctx *rsa,
const unsigned char *hash,
size_t hash_len,
unsigned char **signature,
size_t *signature_len);
void
_libssh2_mbedtls_rsa_free(libssh2_rsa_ctx *rsa);
int
_libssh2_mbedtls_pub_priv_keyfile(LIBSSH2_SESSION *session,
unsigned char **method,
size_t *method_len,
unsigned char **pubkeydata,
size_t *pubkeydata_len,
const char *privatekey,
const char *passphrase);
int
_libssh2_mbedtls_pub_priv_keyfilememory(LIBSSH2_SESSION *session,
unsigned char **method,
size_t *method_len,
unsigned char **pubkeydata,
size_t *pubkeydata_len,
const char *privatekeydata,
size_t privatekeydata_len,
const char *passphrase);

11
src/misc.c
View File

@@ -235,17 +235,6 @@ void _libssh2_store_str(unsigned char **buf, const char *str, size_t len)
/* Base64 Conversion */
static const char base64_table[] =
{
'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M',
'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z',
'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm',
'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z',
'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '+', '/', '\0'
};
static const char base64_pad = '=';
static const short base64_reverse_table[256] = {
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,

198
src/openssl.c
View File

@@ -66,33 +66,63 @@ _libssh2_rsa_new(libssh2_rsa_ctx ** rsa,
unsigned long e2len,
const unsigned char *coeffdata, unsigned long coefflen)
{
*rsa = RSA_new();
BIGNUM * e;
BIGNUM * n;
BIGNUM * d = 0;
BIGNUM * p = 0;
BIGNUM * q = 0;
BIGNUM * dmp1 = 0;
BIGNUM * dmq1 = 0;
BIGNUM * iqmp = 0;
(*rsa)->e = BN_new();
BN_bin2bn(edata, elen, (*rsa)->e);
e = BN_new();
BN_bin2bn(edata, elen, e);
(*rsa)->n = BN_new();
BN_bin2bn(ndata, nlen, (*rsa)->n);
n = BN_new();
BN_bin2bn(ndata, nlen, n);
if (ddata) {
(*rsa)->d = BN_new();
BN_bin2bn(ddata, dlen, (*rsa)->d);
d = BN_new();
BN_bin2bn(ddata, dlen, d);
(*rsa)->p = BN_new();
BN_bin2bn(pdata, plen, (*rsa)->p);
p = BN_new();
BN_bin2bn(pdata, plen, p);
(*rsa)->q = BN_new();
BN_bin2bn(qdata, qlen, (*rsa)->q);
q = BN_new();
BN_bin2bn(qdata, qlen, q);
(*rsa)->dmp1 = BN_new();
BN_bin2bn(e1data, e1len, (*rsa)->dmp1);
dmp1 = BN_new();
BN_bin2bn(e1data, e1len, dmp1);
(*rsa)->dmq1 = BN_new();
BN_bin2bn(e2data, e2len, (*rsa)->dmq1);
dmq1 = BN_new();
BN_bin2bn(e2data, e2len, dmq1);
(*rsa)->iqmp = BN_new();
BN_bin2bn(coeffdata, coefflen, (*rsa)->iqmp);
iqmp = BN_new();
BN_bin2bn(coeffdata, coefflen, iqmp);
}
*rsa = RSA_new();
#ifdef HAVE_OPAQUE_STRUCTS
RSA_set0_key(*rsa, n, e, d);
#else
(*rsa)->e = e;
(*rsa)->n = n;
#endif
#ifdef HAVE_OPAQUE_STRUCTS
RSA_set0_factors(*rsa, p, q);
#else
(*rsa)->p = p;
(*rsa)->q = q;
#endif
#ifdef HAVE_OPAQUE_STRUCTS
RSA_set0_crt_params(*rsa, dmp1, dmq1, iqmp);
#else
(*rsa)->dmp1 = dmp1;
(*rsa)->dmq1 = dmq1;
(*rsa)->iqmp = iqmp;
#endif
return 0;
}
@@ -125,25 +155,45 @@ _libssh2_dsa_new(libssh2_dsa_ctx ** dsactx,
unsigned long y_len,
const unsigned char *x, unsigned long x_len)
{
*dsactx = DSA_new();
BIGNUM * p_bn;
BIGNUM * q_bn;
BIGNUM * g_bn;
BIGNUM * pub_key;
BIGNUM * priv_key = NULL;
(*dsactx)->p = BN_new();
BN_bin2bn(p, p_len, (*dsactx)->p);
p_bn = BN_new();
BN_bin2bn(p, p_len, p_bn);
(*dsactx)->q = BN_new();
BN_bin2bn(q, q_len, (*dsactx)->q);
q_bn = BN_new();
BN_bin2bn(q, q_len, q_bn);
(*dsactx)->g = BN_new();
BN_bin2bn(g, g_len, (*dsactx)->g);
g_bn = BN_new();
BN_bin2bn(g, g_len, g_bn);
(*dsactx)->pub_key = BN_new();
BN_bin2bn(y, y_len, (*dsactx)->pub_key);
pub_key = BN_new();
BN_bin2bn(y, y_len, pub_key);
if (x_len) {
(*dsactx)->priv_key = BN_new();
BN_bin2bn(x, x_len, (*dsactx)->priv_key);
priv_key = BN_new();
BN_bin2bn(x, x_len, priv_key);
}
*dsactx = DSA_new();
#ifdef HAVE_OPAQUE_STRUCTS
DSA_set0_pqg(*dsactx, p_bn, q_bn, g_bn);
#else
(*dsactx)->p = p_bn;
(*dsactx)->g = g_bn;
(*dsactx)->q = q_bn;
#endif
#ifdef HAVE_OPAQUE_STRUCTS
DSA_set0_key(*dsactx, pub_key, priv_key);
#else
(*dsactx)->pub_key = pub_key;
(*dsactx)->priv_key = priv_key;
#endif
return 0;
}
@@ -153,20 +203,28 @@ _libssh2_dsa_sha1_verify(libssh2_dsa_ctx * dsactx,
const unsigned char *m, unsigned long m_len)
{
unsigned char hash[SHA_DIGEST_LENGTH];
DSA_SIG dsasig;
DSA_SIG * dsasig;
BIGNUM * r;
BIGNUM * s;
int ret = -1;
dsasig.r = BN_new();
BN_bin2bn(sig, 20, dsasig.r);
dsasig.s = BN_new();
BN_bin2bn(sig + 20, 20, dsasig.s);
r = BN_new();
BN_bin2bn(sig, 20, r);
s = BN_new();
BN_bin2bn(sig + 20, 20, s);
dsasig = DSA_SIG_new();
#ifdef HAVE_OPAQUE_STRUCTS
DSA_SIG_set0(dsasig, r, s);
#else
dsasig->r = r;
dsasig->s = s;
#endif
if (!_libssh2_sha1(m, m_len, hash))
/* _libssh2_sha1() succeeded */
ret = DSA_do_verify(hash, SHA_DIGEST_LENGTH, &dsasig, dsactx);
ret = DSA_do_verify(hash, SHA_DIGEST_LENGTH, dsasig, dsactx);
BN_clear_free(dsasig.s);
BN_clear_free(dsasig.r);
DSA_SIG_free(dsasig);
return (ret == 1) ? 0 : -1;
}
@@ -207,7 +265,7 @@ _libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx,
return ret == 1 ? 0 : 1;
}
#if LIBSSH2_AES_CTR
#if LIBSSH2_AES_CTR && !defined(HAVE_EVP_AES_128_CTR)
#include <openssl/aes.h>
#include <openssl/evp.h>
@@ -586,6 +644,8 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
unsigned long hash_len, unsigned char *signature)
{
DSA_SIG *sig;
const BIGNUM * r;
const BIGNUM * s;
int r_len, s_len;
(void) hash_len;
@@ -594,12 +654,18 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
return -1;
}
r_len = BN_num_bytes(sig->r);
#ifdef HAVE_OPAQUE_STRUCTS
DSA_SIG_get0(sig, &r, &s);
#else
r = sig->r;
s = sig->s;
#endif
r_len = BN_num_bytes(r);
if (r_len < 1 || r_len > 20) {
DSA_SIG_free(sig);
return -1;
}
s_len = BN_num_bytes(sig->s);
s_len = BN_num_bytes(s);
if (s_len < 1 || s_len > 20) {
DSA_SIG_free(sig);
return -1;
@@ -607,8 +673,8 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
memset(signature, 0, 40);
BN_bn2bin(sig->r, signature + (20 - r_len));
BN_bn2bin(sig->s, signature + 20 + (20 - s_len));
BN_bn2bin(r, signature + (20 - r_len));
BN_bn2bin(s, signature + 20 + (20 - s_len));
DSA_SIG_free(sig);
@@ -768,9 +834,16 @@ gen_publickey_from_rsa(LIBSSH2_SESSION *session, RSA *rsa,
unsigned long len;
unsigned char* key;
unsigned char* p;
e_bytes = BN_num_bytes(rsa->e) + 1;
n_bytes = BN_num_bytes(rsa->n) + 1;
const BIGNUM * e;
const BIGNUM * n;
#ifdef HAVE_OPAQUE_STRUCTS
RSA_get0_key(rsa, &n, &e, NULL);
#else
e = rsa->e;
n = rsa->n;
#endif
e_bytes = BN_num_bytes(e) + 1;
n_bytes = BN_num_bytes(n) + 1;
/* Key form is "ssh-rsa" + e + n. */
len = 4 + 7 + 4 + e_bytes + 4 + n_bytes;
@@ -788,8 +861,8 @@ gen_publickey_from_rsa(LIBSSH2_SESSION *session, RSA *rsa,
memcpy(p, "ssh-rsa", 7);
p += 7;
p = write_bn(p, rsa->e, e_bytes);
p = write_bn(p, rsa->n, n_bytes);
p = write_bn(p, e, e_bytes);
p = write_bn(p, n, n_bytes);
*key_len = (size_t)(p - key);
return key;
@@ -805,10 +878,27 @@ gen_publickey_from_dsa(LIBSSH2_SESSION* session, DSA *dsa,
unsigned char* key;
unsigned char* p;
p_bytes = BN_num_bytes(dsa->p) + 1;
q_bytes = BN_num_bytes(dsa->q) + 1;
g_bytes = BN_num_bytes(dsa->g) + 1;
k_bytes = BN_num_bytes(dsa->pub_key) + 1;
const BIGNUM * p_bn;
const BIGNUM * q;
const BIGNUM * g;
const BIGNUM * pub_key;
#ifdef HAVE_OPAQUE_STRUCTS
DSA_get0_pqg(dsa, &p_bn, &q, &g);
#else
p_bn = dsa->p;
q = dsa->q;
g = dsa->g;
#endif
#ifdef HAVE_OPAQUE_STRUCTS
DSA_get0_key(dsa, &pub_key, NULL);
#else
pub_key = dsa->pub_key;
#endif
p_bytes = BN_num_bytes(p_bn) + 1;
q_bytes = BN_num_bytes(q) + 1;
g_bytes = BN_num_bytes(g) + 1;
k_bytes = BN_num_bytes(pub_key) + 1;
/* Key form is "ssh-dss" + p + q + g + pub_key. */
len = 4 + 7 + 4 + p_bytes + 4 + q_bytes + 4 + g_bytes + 4 + k_bytes;
@@ -826,10 +916,10 @@ gen_publickey_from_dsa(LIBSSH2_SESSION* session, DSA *dsa,
memcpy(p, "ssh-dss", 7);
p += 7;
p = write_bn(p, dsa->p, p_bytes);
p = write_bn(p, dsa->q, q_bytes);
p = write_bn(p, dsa->g, g_bytes);
p = write_bn(p, dsa->pub_key, k_bytes);
p = write_bn(p, p_bn, p_bytes);
p = write_bn(p, q, q_bytes);
p = write_bn(p, g, g_bytes);
p = write_bn(p, pub_key, k_bytes);
*key_len = (size_t)(p - key);
return key;

17
src/session.c
View File

@@ -599,12 +599,12 @@ int _libssh2_wait_socket(LIBSSH2_SESSION *session, time_t start_time)
if (session->api_timeout > 0 &&
(seconds_to_next == 0 ||
seconds_to_next > session->api_timeout)) {
ms_to_next > session->api_timeout)) {
time_t now = time (NULL);
elapsed_ms = (long)(1000*difftime(now, start_time));
if (elapsed_ms > session->api_timeout) {
session->err_code = LIBSSH2_ERROR_TIMEOUT;
return LIBSSH2_ERROR_TIMEOUT;
return _libssh2_error(session, LIBSSH2_ERROR_TIMEOUT,
"API timeout expired");
}
ms_to_next = (session->api_timeout - elapsed_ms);
has_timeout = 1;
@@ -658,10 +658,13 @@ int _libssh2_wait_socket(LIBSSH2_SESSION *session, time_t start_time)
has_timeout ? &tv : NULL);
}
#endif
if(rc <= 0) {
/* timeout (or error), bail out with a timeout error */
session->err_code = LIBSSH2_ERROR_TIMEOUT;
return LIBSSH2_ERROR_TIMEOUT;
if(rc == 0) {
return _libssh2_error(session, LIBSSH2_ERROR_TIMEOUT,
"Timed out waiting on socket");
}
if(rc < 0) {
return _libssh2_error(session, LIBSSH2_ERROR_TIMEOUT,
"Error waiting on socket");
}
return 0; /* ready to try again */

2
src/sftp.c
View File

@@ -1527,7 +1527,7 @@ static ssize_t sftp_read(LIBSSH2_SFTP_HANDLE * handle, char *buffer,
if (chunk->offset != filep->offset) {
/* This could happen if the server returns less bytes than
requested, which shouldn't happen for normal files. See:
http://tools.ietf.org/html/draft-ietf-secsh-filexfer-02
https://tools.ietf.org/html/draft-ietf-secsh-filexfer-02
#section-6.4
*/
return _libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL,

6
src/wincng.c
View File

@@ -861,7 +861,7 @@ _libssh2_wincng_rsa_new(libssh2_rsa_ctx **rsa,
memset(key, 0, keylen);
/* http://msdn.microsoft.com/library/windows/desktop/aa375531.aspx */
/* https://msdn.microsoft.com/library/windows/desktop/aa375531.aspx */
rsakey = (BCRYPT_RSAKEY_BLOB *)key;
rsakey->BitLength = mlen * 8;
rsakey->cbPublicExp = elen;
@@ -1179,7 +1179,7 @@ _libssh2_wincng_dsa_new(libssh2_dsa_ctx **dsa,
memset(key, 0, keylen);
/* http://msdn.microsoft.com/library/windows/desktop/aa833126.aspx */
/* https://msdn.microsoft.com/library/windows/desktop/aa833126.aspx */
dsakey = (BCRYPT_DSA_KEY_BLOB *)key;
dsakey->cbKey = length;
@@ -1903,7 +1903,7 @@ _libssh2_wincng_bignum_mod_exp(_libssh2_bn *r,
return -1;
/* http://msdn.microsoft.com/library/windows/desktop/aa375531.aspx */
/* https://msdn.microsoft.com/library/windows/desktop/aa375531.aspx */
rsakey = (BCRYPT_RSAKEY_BLOB *)key;
rsakey->Magic = BCRYPT_RSAPUBLIC_MAGIC;
rsakey->BitLength = m->length * 8;

77
tests/CMakeLists.txt
View File

@@ -1,4 +1,4 @@
# Copyright (c) 2014, 2015 Alexander Lamaison <alexander.lamaison@gmail.com>
# Copyright (c) 2014-2016 Alexander Lamaison <alexander.lamaison@gmail.com>
#
# Redistribution and use in source and binary forms,
# with or without modification, are permitted provided
@@ -47,22 +47,45 @@ check_include_files(sys/socket.h HAVE_SYS_SOCKET_H)
check_include_files(arpa/inet.h HAVE_ARPA_INET_H)
check_include_files(windows.h HAVE_WINDOWS_H)
check_include_files(winsock2.h HAVE_WINSOCK2_H)
configure_file(
${CMAKE_CURRENT_SOURCE_DIR}/libssh2_config_cmake.h.in
${CMAKE_CURRENT_BINARY_DIR}/libssh2_config.h)
set(TESTS
simple
ssh2)
"${CMAKE_CURRENT_SOURCE_DIR}/libssh2_config_cmake.h.in"
"${CMAKE_CURRENT_BINARY_DIR}/libssh2_config.h")
append_needed_socket_libraries(LIBRARIES)
set(TESTS
hostkey
hostkey_hash
password_auth_succeeds_with_correct_credentials
password_auth_fails_with_wrong_password
password_auth_fails_with_wrong_username
public_key_auth_fails_with_wrong_key
public_key_auth_succeeds_with_correct_rsa_key
public_key_auth_succeeds_with_correct_dsa_key
keyboard_interactive_auth_fails_with_wrong_response
keyboard_interactive_auth_succeeds_with_correct_response
)
add_library(openssh_fixture STATIC openssh_fixture.h openssh_fixture.c)
target_link_libraries(openssh_fixture ${LIBRARIES})
target_include_directories(openssh_fixture PRIVATE "${CMAKE_CURRENT_BINARY_DIR}")
add_library(session_fixture STATIC session_fixture.h session_fixture.c)
target_link_libraries(session_fixture ${LIBRARIES} openssh_fixture libssh2)
target_include_directories(session_fixture PRIVATE "${CMAKE_CURRENT_BINARY_DIR}")
add_library(runner STATIC runner.c)
target_link_libraries(runner session_fixture)
target_include_directories(runner PRIVATE "${CMAKE_CURRENT_BINARY_DIR}")
foreach(test ${TESTS})
add_executable(test-${test} ${test}.c)
target_link_libraries(test-${test} libssh2 ${LIBRARIES})
target_include_directories(test-${test} PRIVATE ${CMAKE_CURRENT_BINARY_DIR})
list(APPEND TEST_TARGETS test-${test})
add_executable(test_${test} test_${test}.c)
target_link_libraries(test_${test} libssh2 runner ${LIBRARIES})
target_include_directories(test_${test} PRIVATE "${CMAKE_CURRENT_BINARY_DIR}")
list(APPEND TEST_TARGETS test_${test})
add_test(
NAME test_${test} COMMAND $<TARGET_FILE:test_${test}>
WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}")
endforeach()
add_target_to_copy_dependencies(
@@ -70,6 +93,7 @@ add_target_to_copy_dependencies(
DEPENDENCIES ${RUNTIME_DEPENDENCIES}
BEFORE_TARGETS ${TEST_TARGETS})
# TODO convert mansyntax.sh into CMake script.
# XXX Just because we can find all three programs, doesn't mean sh can
# find man and grep
@@ -82,30 +106,3 @@ if(SH_EXECUTABLE AND MAN_EXECUTABLE AND GREP_EXECUTABLE)
set(cmd "${cmd} ${CMAKE_CURRENT_SOURCE_DIR}/mansyntax.sh")
add_test(mansyntax ${SH_EXECUTABLE} -c "${cmd}")
endif()
add_test(simple test-simple)
find_program(SSHD_EXECUTABLE sshd)
find_program(CHMOD_EXECUTABLE chmod)
find_program(KILL_EXECUTABLE kill)
mark_as_advanced(SSHD_EXECUTABLE CHMOD_EXECUTABLE KILL_EXECUTABLE)
if(SSHD_EXECUTABLE AND CHMOD_EXECUTABLE AND KILL_EXECUTABLE)
set(SSHD_TEST_CONFIG_DIR ${CMAKE_CURRENT_BINARY_DIR})
set(TEST_NAME ssh2)
add_custom_command(
TARGET test-${TEST_NAME}
COMMAND ${CMAKE_COMMAND} -E copy_directory
${CMAKE_CURRENT_SOURCE_DIR}/etc
${SSHD_TEST_CONFIG_DIR}/etc)
configure_file(
${CMAKE_CURRENT_SOURCE_DIR}/sshd_fixture.sh.in
${CMAKE_CURRENT_BINARY_DIR}/test-${TEST_NAME}_fixture.sh
@ONLY)
add_test(NAME ssh2 COMMAND ${SH_EXECUTABLE}
${CMAKE_CURRENT_BINARY_DIR}/test-${TEST_NAME}_fixture.sh
$<TARGET_FILE:test-${TEST_NAME}>)
endif()

12
tests/Makefile.am
View File

@@ -19,3 +19,15 @@ TESTS_ENVIRONMENT += srcdir=$(top_srcdir)/tests builddir=$(top_builddir)/tests
EXTRA_DIST = ssh2.sh mansyntax.sh
EXTRA_DIST += etc/host etc/host.pub etc/user etc/user.pub
EXTRA_DIST += CMakeLists.txt libssh2_config_cmake.h.in sshd_fixture.sh.in
EXTRA_DIST += key_dsa key_dsa.pub key_dsa_wrong key_dsa_wrong.pub key_rsa key_rsa.pub
EXTRA_DIST += openssh_server/authorized_keys openssh_server/Dockerfile openssh_server/ssh_host_rsa_key
EXTRA_DIST += openssh_fixture.c openssh_fixture.h runner.c session_fixture.c session_fixture.h
EXTRA_DIST += test_hostkey.c test_hostkey_hash.c
EXTRA_DIST += test_keyboard_interactive_auth_fails_with_wrong_response.c
EXTRA_DIST += test_keyboard_interactive_auth_succeeds_with_correct_response.c
EXTRA_DIST += test_password_auth_fails_with_wrong_password.c
EXTRA_DIST += test_password_auth_fails_with_wrong_username.c
EXTRA_DIST += test_password_auth_succeeds_with_correct_credentials.c
EXTRA_DIST += test_public_key_auth_fails_with_wrong_key.c
EXTRA_DIST += test_public_key_auth_succeeds_with_correct_dsa_key.c
EXTRA_DIST += test_public_key_auth_succeeds_with_correct_rsa_key.c

20
tests/Makefile.in
View File

@@ -418,6 +418,7 @@ GREP = @GREP@
HAVE_LIBBCRYPT = @HAVE_LIBBCRYPT@
HAVE_LIBCRYPT32 = @HAVE_LIBCRYPT32@
HAVE_LIBGCRYPT = @HAVE_LIBGCRYPT@
HAVE_LIBMBEDTLS = @HAVE_LIBMBEDTLS@
HAVE_LIBSSL = @HAVE_LIBSSL@
HAVE_LIBZ = @HAVE_LIBZ@
INSTALL = @INSTALL@
@@ -433,6 +434,8 @@ LIBCRYPT32 = @LIBCRYPT32@
LIBCRYPT32_PREFIX = @LIBCRYPT32_PREFIX@
LIBGCRYPT = @LIBGCRYPT@
LIBGCRYPT_PREFIX = @LIBGCRYPT_PREFIX@
LIBMBEDTLS = @LIBMBEDTLS@
LIBMBEDTLS_PREFIX = @LIBMBEDTLS_PREFIX@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBSREQUIRED = @LIBSREQUIRED@
@@ -447,9 +450,11 @@ LN_S = @LN_S@
LTLIBBCRYPT = @LTLIBBCRYPT@
LTLIBCRYPT32 = @LTLIBCRYPT32@
LTLIBGCRYPT = @LTLIBGCRYPT@
LTLIBMBEDTLS = @LTLIBMBEDTLS@
LTLIBOBJS = @LTLIBOBJS@
LTLIBSSL = @LTLIBSSL@
LTLIBZ = @LTLIBZ@
LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
@@ -538,7 +543,20 @@ TESTS_ENVIRONMENT = SSHD=$(SSHD) EXEEXT=$(EXEEXT) \
srcdir=$(top_srcdir)/tests builddir=$(top_builddir)/tests
EXTRA_DIST = ssh2.sh mansyntax.sh etc/host etc/host.pub etc/user \
etc/user.pub CMakeLists.txt libssh2_config_cmake.h.in \
sshd_fixture.sh.in
sshd_fixture.sh.in key_dsa key_dsa.pub key_dsa_wrong \
key_dsa_wrong.pub key_rsa key_rsa.pub \
openssh_server/authorized_keys openssh_server/Dockerfile \
openssh_server/ssh_host_rsa_key openssh_fixture.c \
openssh_fixture.h runner.c session_fixture.c session_fixture.h \
test_hostkey.c test_hostkey_hash.c \
test_keyboard_interactive_auth_fails_with_wrong_response.c \
test_keyboard_interactive_auth_succeeds_with_correct_response.c \
test_password_auth_fails_with_wrong_password.c \
test_password_auth_fails_with_wrong_username.c \
test_password_auth_succeeds_with_correct_credentials.c \
test_public_key_auth_fails_with_wrong_key.c \
test_public_key_auth_succeeds_with_correct_dsa_key.c \
test_public_key_auth_succeeds_with_correct_rsa_key.c
all: all-am
.SUFFIXES:

12
tests/key_dsa Normal file
View File

@@ -0,0 +1,12 @@
-----BEGIN DSA PRIVATE KEY-----
MIIBvAIBAAKBgQCtiYdgpPvFtfi7Ba44DiB+1x8kojjT0nRvn2hU2aa4p4fXI8kd
6Hc57VQO/lLhR9eFpxjP7m+jGwF468Q6NU8xiC71ucep0OoXS7u8RcoIoWfLDtZi
DDlahnZTW04mB5fFxo2y7dYl31vE4TPdSxhqpkvnIBIstMFh2M7Dl0w8/QIVAP95
u6dg1OW6gGsRgiircsy1A9tzAoGBAIzwc5FCnJnzAJm9Hjv0AFV5l/i/DQulZ9pu
EILkNiHCfDR+lTJ8VxAR7J3pgjmvYzeeRvi519ez1YriktDt66kIknQOcHB8ghyg
U+dff79SkDcpg8LnX5xb3cVMgABujA0sSpaW1wwm64RXdvmoQvWu6ympUT0l0dEd
oYVkb4ytAoGAJ+CGwV/1S4j1GVwa6pSP0nj4V86GWXosTTBg7GT+rKWu8lrxIcr6
FzLWgFi/gHoMrgnKWGxO1yF7vkoYM5Yfo84oBYiH+MgpiBuOrZrgzacHsA66JJbU
frESRFWZl2blIPr6Gyjj6cVGgMabK3yCiTRi0v7hwffpm0rKyKv7GooCFQCyaA6T
tkJunHP+F0Xg/WAUV6tcqA==
-----END DSA PRIVATE KEY-----

1
tests/key_dsa.pub Normal file
View File

@@ -0,0 +1 @@
ssh-dss AAAAB3NzaC1kc3MAAACBAK2Jh2Ck+8W1+LsFrjgOIH7XHySiONPSdG+faFTZprinh9cjyR3odzntVA7+UuFH14WnGM/ub6MbAXjrxDo1TzGILvW5x6nQ6hdLu7xFygihZ8sO1mIMOVqGdlNbTiYHl8XGjbLt1iXfW8ThM91LGGqmS+cgEiy0wWHYzsOXTDz9AAAAFQD/ebunYNTluoBrEYIoq3LMtQPbcwAAAIEAjPBzkUKcmfMAmb0eO/QAVXmX+L8NC6Vn2m4QguQ2IcJ8NH6VMnxXEBHsnemCOa9jN55G+LnX17PViuKS0O3rqQiSdA5wcHyCHKBT519/v1KQNymDwudfnFvdxUyAAG6MDSxKlpbXDCbrhFd2+ahC9a7rKalRPSXR0R2hhWRvjK0AAACAJ+CGwV/1S4j1GVwa6pSP0nj4V86GWXosTTBg7GT+rKWu8lrxIcr6FzLWgFi/gHoMrgnKWGxO1yF7vkoYM5Yfo84oBYiH+MgpiBuOrZrgzacHsA66JJbUfrESRFWZl2blIPr6Gyjj6cVGgMabK3yCiTRi0v7hwffpm0rKyKv7Goo= awl03@bounty

12
tests/key_dsa_wrong Normal file
View File

@@ -0,0 +1,12 @@
-----BEGIN DSA PRIVATE KEY-----
MIIBuwIBAAKBgQCE1v/lL1VvjlJMyG7q0wAgl2tqVMzy5h1RVOtDS8bTlXLJg7ks
T63wTmXlp2HedgKkfHCu7AKsjPyg1CTrvRBa8BFEvMoUDARonMwql34aiKVMy/t0
/ehnmCQV+ZMFpsVFnphJpZuXLTW1F3pnEbSNud5sACjbWb51uly5AUynuwIVAOhj
rbNOaAtC1oYki8CVwpkQ8rHhAoGAYSepXRF3GJSjseYgJ2bCgcJS0L9agcvKAf+F
dc+ZDJOchhnZC/hGHsjAfg62KowwKuOYsbcR3S4LJxiERcmRabww+kUIL1E8bLaQ
RbOygNsHU8LyBdSx3WqC2WEOpVkTAjYDWTkbN+qkb53IBoI0GwFt5P9GHvQcAGkj
GJQAWWYCgYAt7vxpDC5Xs6GxbaUupfIP95ZTMx2LqqFjqfT/81nypIHVyIlCnWMi
a0mWGe4qXmHSyk6ZYnsk7Ll6WxdwUrFhd75qERyXlRK2x/v/Q3h9IOwChpHdSFx/
Tq1Zl9vMx3tmS1H0YF9tUdN7g8S5XTUSvYA+0Lzxs/9zOU5fa55+pAIVAKV45RLf
hg2GNXvO68Q4tt3F6kSP
-----END DSA PRIVATE KEY-----

1
tests/key_dsa_wrong.pub Normal file
View File

@@ -0,0 +1 @@
ssh-dss AAAAB3NzaC1kc3MAAACBAITW/+UvVW+OUkzIburTACCXa2pUzPLmHVFU60NLxtOVcsmDuSxPrfBOZeWnYd52AqR8cK7sAqyM/KDUJOu9EFrwEUS8yhQMBGiczCqXfhqIpUzL+3T96GeYJBX5kwWmxUWemEmlm5ctNbUXemcRtI253mwAKNtZvnW6XLkBTKe7AAAAFQDoY62zTmgLQtaGJIvAlcKZEPKx4QAAAIBhJ6ldEXcYlKOx5iAnZsKBwlLQv1qBy8oB/4V1z5kMk5yGGdkL+EYeyMB+DrYqjDAq45ixtxHdLgsnGIRFyZFpvDD6RQgvUTxstpBFs7KA2wdTwvIF1LHdaoLZYQ6lWRMCNgNZORs36qRvncgGgjQbAW3k/0Ye9BwAaSMYlABZZgAAAIAt7vxpDC5Xs6GxbaUupfIP95ZTMx2LqqFjqfT/81nypIHVyIlCnWMia0mWGe4qXmHSyk6ZYnsk7Ll6WxdwUrFhd75qERyXlRK2x/v/Q3h9IOwChpHdSFx/Tq1Zl9vMx3tmS1H0YF9tUdN7g8S5XTUSvYA+0Lzxs/9zOU5fa55+pA== awl03@bounty

27
tests/key_rsa Normal file
View File

@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEoQIBAAKCAQEAnak1T7zHJ+hVRFBDQ9pf1KVzmd5gaNc7y7NPmL13aOG3sYeJ
evi1x1WM/R3tb8XnUnzZUX9GJN0MYovvZsw9bknG1mDP72LFbGp/gzPddGIKHBBp
vceDaJ85sM/ME3XOtD7uuXQuNAuEHwEzSMMiSIEMcQS+lXIcMLr5xPLEkyNvqsO5
RqSjMTLHKHgY8gLWx7oQ1avokhwuDxF7P3Pqtj+rW2Te6vR0i1H6EyFPsBkzkgNX
b33cus8M1CnTmYTSgJgmHO2LLcGpjQ5sL8T/PWIWHaSqTnkrFXEMysgoteXnAYIL
jzyBaqq2WV4KA3TluGdAP2p8gC32QtKmIuis3QIBIwKCAQB1Hpyhoi2LXCIVfXPM
AU6AtWvRY12PtdSl8uqr+nX2JATNBZlUCTaUE6qQJNxEZyDeMNvzZdxV5gkzQ2Fi
TpQIyRddbH01fJKoTxzlHzbLfAeCj9mFqicahOkHAMN8K6Ddqxe89zhD60w0SgjW
91tLzZQ2sxE70RxBdPQOpbaZLxmUZSVxRgf5djotyZqB4CcGblKCEZYJ9ZemgCnF
gEcSsqcn0Jxfu+aEJ4WinN2orWs+okfgsUu9G9Ozwcy9Ptq1LkIzcwwTIpL7TTDd
LMvhql39a07SysepjFRHxjvXh8Gv+SsLvKQPJHheVv8XoG0dZd+9/Eden9rHKoVm
vGPLAoGBANGDQtv5K/md/3sRGeJ6Ir3/Ao+WMe8C5onck+hW4y/2yQqm3ZLzyZon
KdWRj2q4dnxFZyoyDgX0UHLpM4aSsMRjn4C6vcPLcYaZ9CGB5FWPGZrq+q6vuMGK
V9/fo4ZNFkNK3wo4WCSgxC1Y8XUJc3klOvPVjsmVxZaeZnkukkAFAoGBAMCkqe/S
hrKITzjZuyGN90a2Nq+3xMNGuc400Qvoi27D1OcSn7SJ/K3tVWbENOH3CAlkmlZT
46IM2SRRmM0bxF3aThEwnsD5yPqgz+tcweX+gK3nXnP5JZfYF1kArXk80/eYhNE9
PwnJNXDQMoxaM0/X6BVgQyt03/Q12lH9u0j5AoGAR9U7fp6Su/uoDO/rnhs/HJHy
P9u5WULSsuyKe4uBF8JTjp+cbOXeuIJ0vkCI8WPQ2iZsg37gPI5Hd9rtGDJLPATm
OsOuxslowG9MY0J6K/aMb6EFfbiXHckIL3/gS02hO6SkPgSwgZY0odVaGX+VThtk
q18ppDNZr/vLXL+CmZsCgYEAlJxIlG80tZxaXw5dKIN1nPL2/JUUIZz1vFShQ7Nk
P4EglP+9B52lqr5mc9kwHAe1vhpobns6kvP393IlawbKrsz6ZQg/8/PkLw5XQIli
YPeH1pyKsTyKtvcn9DO5BcE1zaGLB9ApULEpOcUuTwPBLvcDfjRREuUhywT44Coi
w0MCgYAX5yc7/Z3R6M30rGsrgb1Y2siHYsi2LCygUj7TDGQYpaZN4afPJOT5H/Nr
7x7dgZkbOR6PQFm00VgML0XxKih59t0dcQ+2qk1LX5JDKRF/1kER3np6dpceteDu
cC+MEHB/KvijnviAtBZGvD0O7oZgvbkKHESu2igXpAnfXPZFvw==
-----END RSA PRIVATE KEY-----

1
tests/key_rsa.pub Normal file
View File

@@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAnak1T7zHJ+hVRFBDQ9pf1KVzmd5gaNc7y7NPmL13aOG3sYeJevi1x1WM/R3tb8XnUnzZUX9GJN0MYovvZsw9bknG1mDP72LFbGp/gzPddGIKHBBpvceDaJ85sM/ME3XOtD7uuXQuNAuEHwEzSMMiSIEMcQS+lXIcMLr5xPLEkyNvqsO5RqSjMTLHKHgY8gLWx7oQ1avokhwuDxF7P3Pqtj+rW2Te6vR0i1H6EyFPsBkzkgNXb33cus8M1CnTmYTSgJgmHO2LLcGpjQ5sL8T/PWIWHaSqTnkrFXEMysgoteXnAYILjzyBaqq2WV4KA3TluGdAP2p8gC32QtKmIuis3Q== awl03@bounty

28
tests/libssh2_config_cmake.h.in
View File

@@ -39,5 +39,33 @@
#cmakedefine HAVE_INTTYPES_H
#cmakedefine HAVE_SYS_SOCKET_H
#cmakedefine HAVE_ARPA_INET_H
#cmakedefine HAVE_NETINET_IN_H
#cmakedefine HAVE_WINDOWS_H
#cmakedefine HAVE_WINSOCK2_H
#cmakedefine HAVE_SNPRINTF
/* snprintf not in Visual Studio CRT and _snprintf dangerously incompatible.
We provide a safe wrapper if snprintf not found */
#ifndef HAVE_SNPRINTF
#include <stdio.h>
#include <stdarg.h>
/* Want safe, 'n += snprintf(b + n ...)' like function. If cp_max_len is 1
* then assume cp is pointing to a null char and do nothing. Returns number
* number of chars placed in cp excluding the trailing null char. So for
* cp_max_len > 0 the return value is always < cp_max_len; for cp_max_len
* <= 0 the return value is 0 (and no chars are written to cp). */
static int snprintf(char *cp, int cp_max_len, const char *fmt, ...)
{
va_list args;
int n;
if (cp_max_len < 2)
return 0;
va_start(args, fmt);
n = vsnprintf(cp, cp_max_len, fmt, args);
va_end(args);
return (n < cp_max_len) ? n : (cp_max_len - 1);
}
#define HAVE_SNPRINTF
#endif

318
tests/openssh_fixture.c Normal file
View File

@@ -0,0 +1,318 @@
/* Copyright (C) 2016 Alexander Lamaison
* All rights reserved.
*
* Redistribution and use in source and binary forms,
* with or without modification, are permitted provided
* that the following conditions are met:
*
* Redistributions of source code must retain the above
* copyright notice, this list of conditions and the
* following disclaimer.
*
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials
* provided with the distribution.
*
* Neither the name of the copyright holder nor the names
* of any other contributors may be used to endorse or
* promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
* USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
* OF SUCH DAMAGE.
*/
#include "openssh_fixture.h"
#include "libssh2_config.h"
#ifdef HAVE_WINSOCK2_H
#include <winsock2.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#ifdef HAVE_ARPA_INET_H
#include <arpa/inet.h>
#endif
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
static int run_command(const char *command, char **output)
{
FILE *pipe;
char command_buf[BUFSIZ];
int ret;
if (output) {
*output = NULL;
}
/* Rewrite the command to redirect stderr to stdout to we can output it */
ret = snprintf(command_buf, sizeof(command_buf), "%s 2>&1", command);
if (ret < 0 || ret >= BUFSIZ) {
fprintf(stderr, "Unable to format command (%s)\n", command);
return -1;
}
fprintf(stdout, "Command: %s\n", command);
#ifdef WIN32
pipe = _popen(command_buf, "r");
#else
pipe = popen(command_buf, "r");
#endif
if (pipe) {
char buf[BUFSIZ];
char *p = buf;
while (fgets(p, sizeof(buf) - (p - buf), pipe) != NULL)
;
#ifdef WIN32
ret = _pclose(pipe);
#else
ret = pclose(pipe);
#endif
if (ret == 0) {
if (output) {
/* command output may contain a trailing newline, so we trim
* whitespace here */
size_t end = strlen(buf) - 1;
while (end > 0 && isspace(buf[end])) {
buf[end] = '\0';
}
*output = strdup(buf);
}
}
else {
fprintf(stderr, "Error running command '%s' (exit %d): %s\n",
command, ret, buf);
}
return ret;
}
else {
fprintf(stderr, "Unable to execute command '%s'\n", command);
return -1;
}
}
static int build_openssh_server_docker_image()
{
return run_command("docker build -t libssh2/openssh_server openssh_server",
NULL);
}
static int start_openssh_server(char **container_id_out)
{
return run_command("docker run --detach -P libssh2/openssh_server",
container_id_out);
}
static int stop_openssh_server(char *container_id)
{
char command_buf[BUFSIZ];
int rc = snprintf(command_buf, sizeof(command_buf), "docker stop %s",
container_id);
if (rc > -1 && rc < BUFSIZ) {
return run_command(command_buf, NULL);
}
else {
return rc;
}
}
static const char *docker_machine_name()
{
return getenv("DOCKER_MACHINE_NAME");
}
static int ip_address_from_container(char *container_id, char **ip_address_out)
{
const char *active_docker_machine = docker_machine_name();
if (active_docker_machine != NULL) {
// This can be flaky when tests run in parallel (see
// https://github.com/docker/machine/issues/2612), so we retry a few
// times with exponential backoff if it fails
int attempt_no = 0;
int wait_time = 500;
for (;;) {
char command_buf[BUFSIZ];
int rc = snprintf(command_buf, sizeof(command_buf),
"docker-machine ip %s", active_docker_machine);
if (rc > -1 && rc < BUFSIZ) {
return run_command(command_buf, ip_address_out);
}
if (attempt_no > 5) {
fprintf(
stderr,
"Unable to get IP from docker-machine after %d attempts\n",
attempt_no);
return -1;
}
else {
#ifdef WIN32
#pragma warning(push)
#pragma warning(disable : 4996)
_sleep(wait_time);
#pragma warning(pop)
#else
sleep(wait_time);
#endif
++attempt_no;
wait_time *= 2;
}
}
}
else {
char command_buf[BUFSIZ];
int rc = snprintf(
command_buf, sizeof(command_buf),
"docker inspect --format \"{{ index (index (index "
".NetworkSettings.Ports \\\"22/tcp\\\") 0) \\\"HostIp\\\" }}\" %s",
container_id);
if (rc > -1 && rc < BUFSIZ) {
return run_command(command_buf, ip_address_out);
}
else {
return rc;
}
}
}
static int port_from_container(char *container_id, char **port_out)
{
char command_buf[BUFSIZ];
int rc = snprintf(
command_buf, sizeof(command_buf),
"docker inspect --format \"{{ index (index (index "
".NetworkSettings.Ports \\\"22/tcp\\\") 0) \\\"HostPort\\\" }}\" %s",
container_id);
if (rc > -1 && rc < BUFSIZ) {
return run_command(command_buf, port_out);
}
else {
return rc;
}
}
static int open_socket_to_container(char *container_id)
{
char *ip_address = NULL;
int ret = ip_address_from_container(container_id, &ip_address);
if (ret == 0) {
char *port_string = NULL;
ret = port_from_container(container_id, &port_string);
if (ret == 0) {
unsigned long hostaddr = inet_addr(ip_address);
if (hostaddr != (unsigned long)(-1)) {
int sock = socket(AF_INET, SOCK_STREAM, 0);
if (sock > -1) {
struct sockaddr_in sin;
sin.sin_family = AF_INET;
sin.sin_port = htons((short)strtol(port_string, NULL, 0));
sin.sin_addr.s_addr = hostaddr;
if (connect(sock, (struct sockaddr *)(&sin),
sizeof(struct sockaddr_in)) == 0) {
ret = sock;
}
else {
fprintf(stderr, "Failed to connect to %s:%s\n",
ip_address, port_string);
ret = -1;
}
}
else {
fprintf(stderr, "Failed to open socket (%d)\n", sock);
ret = -1;
}
}
else {
fprintf(stderr, "Failed to convert %s host address\n",
ip_address);
ret = -1;
}
free(port_string);
}
else {
fprintf(stderr, "Failed to get port for container %s\n",
container_id);
ret = -1;
}
free(ip_address);
}
else {
fprintf(stderr, "Failed to get IP address for container %s\n",
container_id);
ret = -1;
}
return ret;
}
static char *running_container_id = NULL;
int start_openssh_fixture()
{
int ret;
#ifdef HAVE_WINSOCK2_H
WSADATA wsadata;
ret = WSAStartup(MAKEWORD(2, 0), &wsadata);
if (ret != 0) {
fprintf(stderr, "WSAStartup failed with error: %d\n", ret);
return 1;
}
#endif
ret = build_openssh_server_docker_image();
if (ret == 0) {
return start_openssh_server(&running_container_id);
}
else {
fprintf(stderr, "Failed to build docker image\n");
return ret;
}
}
void stop_openssh_fixture()
{
if (running_container_id) {
stop_openssh_server(running_container_id);
free(running_container_id);
running_container_id = NULL;
}
else {
fprintf(stderr, "Cannot stop container - none started");
}
}
int open_socket_to_openssh_server()
{
return open_socket_to_container(running_container_id);
}

45
tests/openssh_fixture.h Normal file
View File

@@ -0,0 +1,45 @@
/* Copyright (C) 2016 Alexander Lamaison
* All rights reserved.
*
* Redistribution and use in source and binary forms,
* with or without modification, are permitted provided
* that the following conditions are met:
*
* Redistributions of source code must retain the above
* copyright notice, this list of conditions and the
* following disclaimer.
*
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials
* provided with the distribution.
*
* Neither the name of the copyright holder nor the names
* of any other contributors may be used to endorse or
* promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
* USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
* OF SUCH DAMAGE.
*/
#ifndef LIBSSH2_TESTS_OPENSSH_FIXTURE_H
#define LIBSSH2_TESTS_OPENSSH_FIXTURE_H
int start_openssh_fixture();
void stop_openssh_fixture();
int open_socket_to_openssh_server();
#endif

74
tests/openssh_server/Dockerfile Normal file
View File

@@ -0,0 +1,74 @@
# Copyright (c) 2016 Alexander Lamaison <alexander.lamaison@gmail.com>
#
# Redistribution and use in source and binary forms,
# with or without modification, are permitted provided
# that the following conditions are met:
#
# Redistributions of source code must retain the above
# copyright notice, this list of conditions and the
# following disclaimer.
#
# Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials
# provided with the distribution.
#
# Neither the name of the copyright holder nor the names
# of any other contributors may be used to endorse or
# promote products derived from this software without
# specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
# OF SUCH DAMAGE.
FROM debian:jessie
RUN apt-get update \
&& apt-get install -y openssh-server \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
RUN mkdir /var/run/sshd
# Chmodding because, when building on Windows, files are copied in with
# -rwxr-xr-x permissions.
#
# Copying to a temp location, then moving because chmodding the copied file has
# no effect (Docker AUFS-related bug maybe?)
COPY ssh_host_rsa_key /tmp/etc/ssh/ssh_host_rsa_key
RUN mv /tmp/etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key
RUN chmod 600 /etc/ssh/ssh_host_rsa_key
RUN adduser --disabled-password --gecos 'Test user for libssh2 integration tests' libssh2
RUN echo 'libssh2:my test password' | chpasswd
RUN sed -i 's/ChallengeResponseAuthentication no/ChallengeResponseAuthentication yes/' /etc/ssh/sshd_config
# SSH login fix. Otherwise user is kicked off after login
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
USER libssh2
RUN mkdir -p /home/libssh2/.ssh
RUN mkdir -p /home/libssh2/sandbox
COPY authorized_keys /tmp/libssh2/.ssh/authorized_keys
RUN cp /tmp/libssh2/.ssh/authorized_keys /home/libssh2/.ssh/authorized_keys
RUN chmod 600 /home/libssh2/.ssh/authorized_keys
USER root
EXPOSE 22
# -e gives logs via 'docker logs'
CMD ["/usr/sbin/sshd", "-D", "-e"]

2
tests/openssh_server/authorized_keys Normal file
View File

@@ -0,0 +1,2 @@
ssh-dss AAAAB3NzaC1kc3MAAACBAK2Jh2Ck+8W1+LsFrjgOIH7XHySiONPSdG+faFTZprinh9cjyR3odzntVA7+UuFH14WnGM/ub6MbAXjrxDo1TzGILvW5x6nQ6hdLu7xFygihZ8sO1mIMOVqGdlNbTiYHl8XGjbLt1iXfW8ThM91LGGqmS+cgEiy0wWHYzsOXTDz9AAAAFQD/ebunYNTluoBrEYIoq3LMtQPbcwAAAIEAjPBzkUKcmfMAmb0eO/QAVXmX+L8NC6Vn2m4QguQ2IcJ8NH6VMnxXEBHsnemCOa9jN55G+LnX17PViuKS0O3rqQiSdA5wcHyCHKBT519/v1KQNymDwudfnFvdxUyAAG6MDSxKlpbXDCbrhFd2+ahC9a7rKalRPSXR0R2hhWRvjK0AAACAJ+CGwV/1S4j1GVwa6pSP0nj4V86GWXosTTBg7GT+rKWu8lrxIcr6FzLWgFi/gHoMrgnKWGxO1yF7vkoYM5Yfo84oBYiH+MgpiBuOrZrgzacHsA66JJbUfrESRFWZl2blIPr6Gyjj6cVGgMabK3yCiTRi0v7hwffpm0rKyKv7Goo= awl03@bounty
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAnak1T7zHJ+hVRFBDQ9pf1KVzmd5gaNc7y7NPmL13aOG3sYeJevi1x1WM/R3tb8XnUnzZUX9GJN0MYovvZsw9bknG1mDP72LFbGp/gzPddGIKHBBpvceDaJ85sM/ME3XOtD7uuXQuNAuEHwEzSMMiSIEMcQS+lXIcMLr5xPLEkyNvqsO5RqSjMTLHKHgY8gLWx7oQ1avokhwuDxF7P3Pqtj+rW2Te6vR0i1H6EyFPsBkzkgNXb33cus8M1CnTmYTSgJgmHO2LLcGpjQ5sL8T/PWIWHaSqTnkrFXEMysgoteXnAYILjzyBaqq2WV4KA3TluGdAP2p8gC32QtKmIuis3Q== awl03@bounty

27
tests/openssh_server/ssh_host_rsa_key Normal file
View File

@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEoQIBAAKCAQEArrr/JuJmaZligyfS8vcNur+mWR2ddDQtVdhHzdKUUoR6/Om6
cvxpe61H1YZO1xCpLUBXmkki4HoNtYOpPB2W4V+8U4BDeVBD5crypEOE1+7BAm99
fnEDxYIOZq2/jTP0yQmzCpWYS3COyFmkOL7sfX1wQMeW5zQT2WKcxC6FSWbhDqrB
eNEGi687hJJoJ7YXgY/IdiYW5NcOuqRSWljjGS3dAJsHHWk4nJbhjEDXbPaeduMA
wQU9i6ELfP3r+q6wdu0P4jWaoo3De1aYxnToV/ldXykpipON4NPamsb6Ph2qlJQK
ypq7J4iQgkIIbCU1A31+4ExvcIVoxLQw/aTSbwIBIwKCAQAd9Cu9heWrs+UAinvv
Iwmq/EhnDGQijJoOt1zEMrpXSekyq7mQDgN0SZdJLPeSlSRQ5nVq5/dZroYB3A5i
E7N3F7nibcJskWq5rcMyGjQHwod8wqfMiGcL6mjeZu2jLXprm0NDpJ3DyicbCA2G
EhnpoHmktIBE5FsslI/nHer2o6OA/kVWSEjak+pvI1pm22T8QOBBfY0yAX7B0ebk
8o4lB4cdLf3In7Q0ahpHNOwIPdRvQ2c4Tm/DcfUBkTW2ZYGUd45cFsyHqXZscNNy
GX2Wcy/FLEvQ6zBFJsNLpxCYsUyBxfSDygn9dx9RQfiWFXjdRaRPpyRAr+BTXkLU
yvabAoGBANt7sxfjvu/SLkRc7TnBoJ0h/AL7Mcuu9PJmOnis4boyF9ZxqbiRiS3J
yK+EKxfC0S+xf5WJ5uf7dVGnOXHXKaRl4xH90iRtryNlvtILZwHw1DTqRFxv9jtz
tTRrYMEHAnMKzadgDfV/lv4iJ6nwFzK76GQ7RQNZYiGTMEh3pUNjAoGBAMvNLGpz
FxhpIh+fVvRjawKgGVP87T482WOUdsF18EEPFMe6D7DO5xpLuJi+C7QkvMI8WjvD
/3RGvaSh9Wt7ikLZpeogiSJy121HsEqheTR5hTx2t72ClrjZvIhLbQMRu6PqGPu/
HOC2urEGGYm7O2vnftwpuG3zIVVLM2KstPCFAoGBAM7w+VEJ7opYdMQdGi8kRvqN
wbmrAxCAY0ryrCijALbexgS0T5DDu9q28Gr49W4stpquq35dc0/BNBnJje7+EVHc
aGFrqOCErHHU9b66Sy23LnsIxBykFAwrRHNAq66u1mx35nk9Tv1pq58nhHun21u4
fAa7ijZblwm2qd3tJsqBAoGAEXf8ficfPJtMEVbM8GBLADmbxV7Sga1xuBQKLdbo
tR6MwKmMUPvKqnuE2eRnZzZZUnoznrkHRHsXkcS9Q7ohyzc6G2Hf3mGdb8RQ8HQ9
lsiWZESwqdf+SlvOVNND27EQFV01V2gnC/JnxgfWTaJVjOf07ky4CWycdQZyHmaT
Ko8CgYB58jOyXMdo2ggOCG/HX2H92KPPpFUBFCX27fCue8BZLD5quIltpXupx5oj
EyltgvPcmNDgvdSadkHvP5s6nykS+n5we+d9yIIJF/BfETWsXjR3ooip+trqiirw
0aHqUDFcYn9unm2wtrMYYViiDLRijNwLZ2sG0JIU4JHyseh+NA==
-----END RSA PRIVATE KEY-----

51
tests/runner.c Normal file
View File

@@ -0,0 +1,51 @@
/* Copyright (C) 2016 Alexander Lamaison
* All rights reserved.
*
* Redistribution and use in source and binary forms,
* with or without modification, are permitted provided
* that the following conditions are met:
*
* Redistributions of source code must retain the above
* copyright notice, this list of conditions and the
* following disclaimer.
*
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials
* provided with the distribution.
*
* Neither the name of the copyright holder nor the names
* of any other contributors may be used to endorse or
* promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
* USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
* OF SUCH DAMAGE.
*/
#include "session_fixture.h"
extern int test(LIBSSH2_SESSION *session);
int main()
{
int exit_code = 1;
LIBSSH2_SESSION *session = start_session_fixture();
if (session != NULL) {
exit_code = (test(session) == 0) ? 0 : 1;
}
stop_session_fixture();
return exit_code;
}

133
tests/session_fixture.c Normal file
View File

@@ -0,0 +1,133 @@
/* Copyright (C) 2016 Alexander Lamaison
* All rights reserved.
*
* Redistribution and use in source and binary forms,
* with or without modification, are permitted provided
* that the following conditions are met:
*
* Redistributions of source code must retain the above
* copyright notice, this list of conditions and the
* following disclaimer.
*
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials
* provided with the distribution.
*
* Neither the name of the copyright holder nor the names
* of any other contributors may be used to endorse or
* promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
* USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
* OF SUCH DAMAGE.
*/
#include "session_fixture.h"
#include "libssh2_config.h"
#include "openssh_fixture.h"
#include <stdio.h>
#ifdef HAVE_WINDOWS_H
#include <windows.h>
#endif
#ifdef HAVE_WINSOCK2_H
#include <winsock2.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
LIBSSH2_SESSION *connected_session = NULL;
int connected_socket = -1;
static int connect_to_server()
{
connected_socket = open_socket_to_openssh_server();
if (connected_socket > -1) {
int rc = libssh2_session_handshake(connected_session, connected_socket);
if (rc == 0) {
return 0;
}
else {
print_last_session_error("libssh2_session_handshake");
return -1;
}
}
else {
return -1;
}
}
LIBSSH2_SESSION *start_session_fixture()
{
int rc = start_openssh_fixture();
if (rc == 0) {
rc = libssh2_init(0);
if (rc == 0) {
connected_session = libssh2_session_init_ex(NULL, NULL, NULL, NULL);
libssh2_session_set_blocking(connected_session, 1);
if (connected_session != NULL) {
rc = connect_to_server();
if (rc == 0) {
return connected_session;
}
else {
return NULL;
}
}
else {
fprintf(stderr, "libssh2_session_init_ex failed\n");
return NULL;
}
}
else {
fprintf(stderr, "libssh2_init failed (%d)\n", rc);
return NULL;
}
}
else {
return NULL;
}
}
void print_last_session_error(const char *function)
{
if (connected_session) {
char *message;
int rc =
libssh2_session_last_error(connected_session, &message, NULL, 0);
fprintf(stderr, "%s failed (%d): %s\n", function, rc, message);
}
else {
fprintf(stderr, "No session");
}
}
void stop_session_fixture()
{
if (connected_session) {
libssh2_session_disconnect(connected_session, "test ended");
libssh2_session_free(connected_session);
shutdown(connected_socket, 2);
connected_session = NULL;
}
else {
fprintf(stderr, "Cannot stop session - none started");
}
stop_openssh_fixture();
}

47
tests/session_fixture.h Normal file
View File

@@ -0,0 +1,47 @@
/* Copyright (C) 2016 Alexander Lamaison
* All rights reserved.
*
* Redistribution and use in source and binary forms,
* with or without modification, are permitted provided
* that the following conditions are met:
*
* Redistributions of source code must retain the above
* copyright notice, this list of conditions and the
* following disclaimer.
*
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials
* provided with the distribution.
*
* Neither the name of the copyright holder nor the names
* of any other contributors may be used to endorse or
* promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
* USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
* OF SUCH DAMAGE.
*/
#ifndef LIBSSH2_TESTS_SESSION_FIXTURE_H
#define LIBSSH2_TESTS_SESSION_FIXTURE_H
#include <libssh2.h>
LIBSSH2_SESSION *start_session_fixture();
void stop_session_fixture();
void print_last_session_error(const char *function);
#endif

54
tests/test_hostkey.c Normal file
View File

@@ -0,0 +1,54 @@
#include "session_fixture.h"
#include <libssh2.h>
#include <stdio.h>
const char *EXPECTED_HOSTKEY =
"AAAAB3NzaC1yc2EAAAABIwAAAQEArrr/JuJmaZligyfS8vcNur+mWR2ddDQtVdhHzdKU"
"UoR6/Om6cvxpe61H1YZO1xCpLUBXmkki4HoNtYOpPB2W4V+8U4BDeVBD5crypEOE1+7B"
"Am99fnEDxYIOZq2/jTP0yQmzCpWYS3COyFmkOL7sfX1wQMeW5zQT2WKcxC6FSWbhDqrB"
"eNEGi687hJJoJ7YXgY/IdiYW5NcOuqRSWljjGS3dAJsHHWk4nJbhjEDXbPaeduMAwQU9"
"i6ELfP3r+q6wdu0P4jWaoo3De1aYxnToV/ldXykpipON4NPamsb6Ph2qlJQKypq7J4iQ"
"gkIIbCU1A31+4ExvcIVoxLQw/aTSbw==";
int test(LIBSSH2_SESSION *session)
{
int rc;
size_t len;
int type;
unsigned int expected_len = 0;
char *expected_hostkey = NULL;
const char *hostkey = libssh2_session_hostkey(session, &len, &type);
if (hostkey == NULL) {
print_last_session_error("libssh2_session_hostkey");
return 1;
}
if (type != LIBSSH2_HOSTKEY_TYPE_RSA) {
/* Hostkey configured in docker container is RSA */
fprintf(stderr, "Wrong type of hostkey\n");
return 1;
}
rc = libssh2_base64_decode(session, &expected_hostkey, &expected_len,
EXPECTED_HOSTKEY, strlen(EXPECTED_HOSTKEY));
if (rc != 0) {
print_last_session_error("libssh2_base64_decode");
return 1;
}
if (len != expected_len) {
fprintf(stderr, "Hostkey does not have the expected length %ld != %d\n",
len, expected_len);
return 1;
}
if (memcmp(hostkey, expected_hostkey, len) != 0) {
fprintf(stderr, "Hostkeys do not match\n");
return 1;
}
return 0;
}

74
tests/test_hostkey_hash.c Normal file
View File

@@ -0,0 +1,74 @@
#include "session_fixture.h"
#include "libssh2_config.h"
#include <libssh2.h>
#include <stdio.h>
const char *EXPECTED_HOSTKEY =
"AAAAB3NzaC1yc2EAAAABIwAAAQEArrr/JuJmaZligyfS8vcNur+mWR2ddDQtVdhHzdKU"
"UoR6/Om6cvxpe61H1YZO1xCpLUBXmkki4HoNtYOpPB2W4V+8U4BDeVBD5crypEOE1+7B"
"Am99fnEDxYIOZq2/jTP0yQmzCpWYS3COyFmkOL7sfX1wQMeW5zQT2WKcxC6FSWbhDqrB"
"eNEGi687hJJoJ7YXgY/IdiYW5NcOuqRSWljjGS3dAJsHHWk4nJbhjEDXbPaeduMAwQU9"
"i6ELfP3r+q6wdu0P4jWaoo3De1aYxnToV/ldXykpipON4NPamsb6Ph2qlJQKypq7J4iQ"
"gkIIbCU1A31+4ExvcIVoxLQw/aTSbw==";
const char *EXPECTED_MD5_HASH_DIGEST = "0C0ED1A5BB10275F76924CE187CE5C5E";
const char *EXPECTED_SHA1_HASH_DIGEST =
"F3CD59E2913F4422B80F7B0A82B2B89EAE449387";
const int MD5_HASH_SIZE = 16;
const int SHA1_HASH_SIZE = 20;
static void calculate_digest(const char *hash, size_t hash_len, char *buffer,
size_t buffer_len)
{
size_t i;
char *p = buffer;
char *end = buffer + buffer_len;
for (i = 0; i < hash_len && p < end; ++i) {
p += snprintf(p, end - p, "%02X", (unsigned char)hash[i]);
}
}
int test(LIBSSH2_SESSION *session)
{
char buf[BUFSIZ];
const char *md5_hash;
const char *sha1_hash;
md5_hash = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_MD5);
if (md5_hash == NULL) {
print_last_session_error(
"libssh2_hostkey_hash(LIBSSH2_HOSTKEY_HASH_MD5)");
return 1;
}
calculate_digest(md5_hash, MD5_HASH_SIZE, buf, BUFSIZ);
if (strcmp(buf, EXPECTED_MD5_HASH_DIGEST) != 0) {
fprintf(stderr, "MD5 hash not as expected - digest %s != %s\n", buf,
EXPECTED_MD5_HASH_DIGEST);
return 1;
}
sha1_hash = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
if (sha1_hash == NULL) {
print_last_session_error(
"libssh2_hostkey_hash(LIBSSH2_HOSTKEY_HASH_SHA1)");
return 1;
}
calculate_digest(sha1_hash, SHA1_HASH_SIZE, buf, BUFSIZ);
if (strcmp(buf, EXPECTED_SHA1_HASH_DIGEST) != 0) {
fprintf(stderr, "SHA1 hash not as expected - digest %s != %s\n", buf,
EXPECTED_SHA1_HASH_DIGEST);
return 1;
}
return 0;
}

59
tests/test_keyboard_interactive_auth_fails_with_wrong_response.c Normal file
View File

@@ -0,0 +1,59 @@
#include "session_fixture.h"
#include <libssh2.h>
#include <stdio.h>
const char *USERNAME = "libssh2"; /* configured in Dockerfile */
const char *WRONG_PASSWORD = "i'm not the password";
static void kbd_callback(const char *name, int name_len,
const char *instruction, int instruction_len,
int num_prompts,
const LIBSSH2_USERAUTH_KBDINT_PROMPT *prompts,
LIBSSH2_USERAUTH_KBDINT_RESPONSE *responses,
void **abstract)
{
int i;
(void)abstract;
fprintf(stdout, "Kb-int name: %.*s\n", name_len, name);
fprintf(stdout, "Kb-int instruction: %.*s\n", instruction_len, instruction);
for (i = 0; i < num_prompts; ++i) {
fprintf(stdout, "Kb-int prompt %d: %.*s\n", i, prompts[i].length,
prompts[i].text);
}
if (num_prompts == 1) {
responses[0].text = strdup(WRONG_PASSWORD);
responses[0].length = strlen(WRONG_PASSWORD);
}
}
int test(LIBSSH2_SESSION *session)
{
int rc;
const char *userauth_list =
libssh2_userauth_list(session, USERNAME, strlen(USERNAME));
if (userauth_list == NULL) {
print_last_session_error("libssh2_userauth_list");
return 1;
}
if (strstr(userauth_list, "keyboard-interactive") == NULL) {
fprintf(stderr,
"'keyboard-interactive' was expected in userauth list: %s\n",
userauth_list);
return 1;
}
rc = libssh2_userauth_keyboard_interactive_ex(
session, USERNAME, strlen(USERNAME), kbd_callback);
if (rc == 0) {
fprintf(stderr,
"Keyboard-interactive auth succeeded with wrong response\n");
return 1;
}
return 0;
}

59
tests/test_keyboard_interactive_auth_succeeds_with_correct_response.c Normal file
View File

@@ -0,0 +1,59 @@
#include "session_fixture.h"
#include <libssh2.h>
#include <stdio.h>
const char *USERNAME = "libssh2"; /* configured in Dockerfile */
const char *PASSWORD = "my test password"; /* configured in Dockerfile */
static void kbd_callback(const char *name, int name_len,
const char *instruction, int instruction_len,
int num_prompts,
const LIBSSH2_USERAUTH_KBDINT_PROMPT *prompts,
LIBSSH2_USERAUTH_KBDINT_RESPONSE *responses,
void **abstract)
{
int i;
(void)abstract;
fprintf(stdout, "Kb-int name: %.*s\n", name_len, name);
fprintf(stdout, "Kb-int instruction: %.*s\n", instruction_len, instruction);
for (i = 0; i < num_prompts; ++i) {
fprintf(stdout, "Kb-int prompt %d: %.*s\n", i, prompts[i].length,
prompts[i].text);
}
if (num_prompts == 1) {
responses[0].text = strdup(PASSWORD);
responses[0].length = strlen(PASSWORD);
}
}
int test(LIBSSH2_SESSION *session)
{
int rc;
const char *userauth_list =
libssh2_userauth_list(session, USERNAME, strlen(USERNAME));
if (userauth_list == NULL) {
print_last_session_error("libssh2_userauth_list");
return 1;
}
if (strstr(userauth_list, "keyboard-interactive") == NULL) {
fprintf(stderr,
"'keyboard-interactive' was expected in userauth list: %s\n",
userauth_list);
return 1;
}
rc = libssh2_userauth_keyboard_interactive_ex(
session, USERNAME, strlen(USERNAME), kbd_callback);
if (rc != 0) {
print_last_session_error("libssh2_userauth_keyboard_interactive_ex");
return 1;
}
return 0;
}

36
tests/test_password_auth_fails_with_wrong_password.c Normal file
View File

@@ -0,0 +1,36 @@
#include "session_fixture.h"
#include <libssh2.h>
#include <stdio.h>
const char *USERNAME = "libssh2"; /* configured in Dockerfile */
const char *WRONG_PASSWORD = "i'm not the password";
int test(LIBSSH2_SESSION *session)
{
int rc;
const char *userauth_list =
libssh2_userauth_list(session, USERNAME, strlen(USERNAME));
if (userauth_list == NULL) {
print_last_session_error("libssh2_userauth_list");
return 1;
}
if (strstr(userauth_list, "password") == NULL) {
fprintf(stderr, "'password' was expected in userauth list: %s\n",
userauth_list);
return 1;
}
rc = libssh2_userauth_password_ex(session, USERNAME, strlen(USERNAME),
WRONG_PASSWORD, strlen(WRONG_PASSWORD),
NULL);
if (rc == 0) {
fprintf(stderr, "Password auth succeeded with wrong password\n");
return 1;
}
return 0;
}

36
tests/test_password_auth_fails_with_wrong_username.c Normal file
View File

@@ -0,0 +1,36 @@
#include "session_fixture.h"
#include <libssh2.h>
#include <stdio.h>
const char *PASSWORD = "my test password"; /* configured in Dockerfile */
const char *WRONG_USERNAME = "i dont exist";
int test(LIBSSH2_SESSION *session)
{
int rc;
const char *userauth_list =
libssh2_userauth_list(session, WRONG_USERNAME, strlen(WRONG_USERNAME));
if (userauth_list == NULL) {
print_last_session_error("libssh2_userauth_list");
return 1;
}
if (strstr(userauth_list, "password") == NULL) {
fprintf(stderr, "'password' was expected in userauth list: %s\n",
userauth_list);
return 1;
}
rc = libssh2_userauth_password_ex(session, WRONG_USERNAME,
strlen(WRONG_USERNAME), PASSWORD,
strlen(PASSWORD), NULL);
if (rc == 0) {
fprintf(stderr, "Password auth succeeded with wrong username\n");
return 1;
}
return 0;
}

41
tests/test_password_auth_succeeds_with_correct_credentials.c Normal file
View File

@@ -0,0 +1,41 @@
#include "session_fixture.h"
#include <libssh2.h>
#include <stdio.h>
const char *USERNAME = "libssh2"; /* configured in Dockerfile */
const char *PASSWORD = "my test password"; /* configured in Dockerfile */
int test(LIBSSH2_SESSION *session)
{
int rc;
const char *userauth_list =
libssh2_userauth_list(session, USERNAME, strlen(USERNAME));
if (userauth_list == NULL) {
print_last_session_error("libssh2_userauth_list");
return 1;
}
if (strstr(userauth_list, "password") == NULL) {
fprintf(stderr, "'password' was expected in userauth list: %s\n",
userauth_list);
return 1;
}
rc = libssh2_userauth_password_ex(session, USERNAME, strlen(USERNAME),
PASSWORD, strlen(PASSWORD), NULL);
if (rc != 0) {
print_last_session_error("libssh2_userauth_password_ex");
return 1;
}
if (libssh2_userauth_authenticated(session) == 0) {
fprintf(stderr, "Password auth appeared to succeed but "
"libssh2_userauth_authenticated returned 0\n");
return 1;
}
return 0;
}

37
tests/test_public_key_auth_fails_with_wrong_key.c Normal file
View File

@@ -0,0 +1,37 @@
#include "session_fixture.h"
#include <libssh2.h>
#include <stdio.h>
const char *USERNAME = "libssh2"; /* configured in Dockerfile */
const char *KEY_FILE_PRIVATE = "key_dsa_wrong";
const char *KEY_FILE_PUBLIC = "key_dsa_wrong.pub";
int test(LIBSSH2_SESSION *session)
{
int rc;
const char *userauth_list =
libssh2_userauth_list(session, USERNAME, strlen(USERNAME));
if (userauth_list == NULL) {
print_last_session_error("libssh2_userauth_list");
return 1;
}
if (strstr(userauth_list, "publickey") == NULL) {
fprintf(stderr, "'publickey' was expected in userauth list: %s\n",
userauth_list);
return 1;
}
rc = libssh2_userauth_publickey_fromfile_ex(
session, USERNAME, strlen(USERNAME), KEY_FILE_PUBLIC, KEY_FILE_PRIVATE,
NULL);
if (rc == 0) {
fprintf(stderr, "Public-key auth succeeded with wrong key\n");
return 1;
}
return 0;
}

37
tests/test_public_key_auth_succeeds_with_correct_dsa_key.c Normal file
View File

@@ -0,0 +1,37 @@
#include "session_fixture.h"
#include <libssh2.h>
#include <stdio.h>
const char *USERNAME = "libssh2"; /* configured in Dockerfile */
const char *KEY_FILE_PRIVATE = "key_dsa";
const char *KEY_FILE_PUBLIC = "key_dsa.pub"; /* configured in Dockerfile */
int test(LIBSSH2_SESSION *session)
{
int rc;
const char *userauth_list =
libssh2_userauth_list(session, USERNAME, strlen(USERNAME));
if (userauth_list == NULL) {
print_last_session_error("libssh2_userauth_list");
return 1;
}
if (strstr(userauth_list, "publickey") == NULL) {
fprintf(stderr, "'publickey' was expected in userauth list: %s\n",
userauth_list);
return 1;
}
rc = libssh2_userauth_publickey_fromfile_ex(
session, USERNAME, strlen(USERNAME), KEY_FILE_PUBLIC, KEY_FILE_PRIVATE,
NULL);
if (rc != 0) {
print_last_session_error("libssh2_userauth_publickey_fromfile_ex");
return 1;
}
return 0;
}

37
tests/test_public_key_auth_succeeds_with_correct_rsa_key.c Normal file
View File

@@ -0,0 +1,37 @@
#include "session_fixture.h"
#include <libssh2.h>
#include <stdio.h>
const char *USERNAME = "libssh2"; /* configured in Dockerfile */
const char *KEY_FILE_PRIVATE = "key_rsa";
const char *KEY_FILE_PUBLIC = "key_rsa.pub"; /* configured in Dockerfile */
int test(LIBSSH2_SESSION *session)
{
int rc;
const char *userauth_list =
libssh2_userauth_list(session, USERNAME, strlen(USERNAME));
if (userauth_list == NULL) {
print_last_session_error("libssh2_userauth_list");
return 1;
}
if (strstr(userauth_list, "publickey") == NULL) {
fprintf(stderr, "'publickey' was expected in userauth list: %s\n",
userauth_list);
return 1;
}
rc = libssh2_userauth_publickey_fromfile_ex(
session, USERNAME, strlen(USERNAME), KEY_FILE_PUBLIC, KEY_FILE_PRIVATE,
NULL);
if (rc != 0) {
print_last_session_error("libssh2_userauth_publickey_fromfile_ex");
return 1;
}
return 0;
}

8
vms/libssh2_config.h
View File

@@ -14,6 +14,7 @@ typedef unsigned int socklen_t; /* missing in headers on VMS */
/* Have's */
#define HAVE_UNISTD_H
#define HAVE_STDLIB_H
#define HAVE_INTTYPES_H
#define HAVE_SYS_TIME_H
#define HAVE_SELECT
@@ -23,6 +24,8 @@ typedef unsigned int socklen_t; /* missing in headers on VMS */
#define HAVE_NETINET_IN_H
#define HAVE_ARPA_INET_H
#define HAVE_GETTIMEOFDAY 1
#define POSIX_C_SOURCE
/* Enable the possibility of using tracing */
@@ -68,8 +71,11 @@ typedef unsigned int socklen_t; /* missing in headers on VMS */
#endif
/* Use OpenSSL */
#define LIBSSH2_OPENSSL 1
/* Compile in zlib support. We link against gnv$libzshr, as available
* on encompasserve.com.
* from https://sourceforge.net/projects/vms-ports/files/.
*/
#define LIBSSH2_HAVE_ZLIB

3
vms/libssh2_make_example.dcl
View File

@@ -29,6 +29,7 @@ $ this = f$search("exadir:*.c;0")
$ if this .eqs. "" then goto EndLoop
$!
$ what = f$parse( this,,,"name")
$ if what .eqs. "x11" then goto loop ! not portable yet
$ call Make
$!
$ goto Loop
@@ -84,7 +85,7 @@ $ define objdir 'objdir'
$ define exadir 'exadir'
$!
$ cc_include = "/include=([],[-.include])"
$ cc_flags = "/name=shortened/show=all"
$ cc_flags = "/name=shortened/show=all/define=(_USE_STD_STAT=1)"
$ link_opts = "objdir:libssh2_''thisid'.opt"
$!
$!

24
vms/libssh2_make_help.dcl
View File

@@ -11,23 +11,27 @@ $ man2help sys$input: libssh2.hlp -b 1
LIBSSH2
OpenVMS port of the public domain libssh2 library, which
provides an API to implement client SSH communciation.
OpenVMS port of the libssh2 library, which provides an
API to implement client SSH communication.
License information is available at the copying subtopic.
License information is available at the Copying subtopic.
$!
$ open/append mh libssh2.hlp
$ write mh helpversion
$ close mh
$!
$ man2help -a [-]readme.; libssh2.hlp -b 2
$ man2help -a [-]authors.; libssh2.hlp -b 2
$ man2help -a [-]copying.; libssh2.hlp -b 2
$ man2help -a [-]news.; libssh2.hlp -b 2
$ man2help -a [-]release-notes.; libssh2.hlp -b 2
$ man2help -a [-]hacking.; libssh2.hlp -b 2
$ man2help -a [-]todo.; libssh2.hlp -b 2
$ man2help -a [-]README.; libssh2.hlp -b 2
$ man2help -a [-]COPYING.; libssh2.hlp -b 2
$ man2help -a [-]NEWS.; libssh2.hlp -b 2
$ man2help -a [-]RELEASE-NOTES.; libssh2.hlp -b 2
$ man2help -a [-.docs]AUTHORS.; libssh2.hlp -b 2
$ man2help -a [-.docs]BINDINGS.; libssh2.hlp -b 2
$ man2help -a [-.docs]HACKING.; libssh2.hlp -b 2
$ if f$search("[]HACKING_CRYPTO.") .nes. "" then delete []HACKING_CRYPTO.;*
$ copy [-.docs]HACKING.CRYPTO; []HACKING_CRYPTO.
$ man2help -a []HACKING_CRYPTO.; libssh2.hlp -b 2
$ man2help -a [-.docs]TODO.; libssh2.hlp -b 2
$!
$ man2help -a sys$input: libssh2.hlp -b 2

2
vms/libssh2_make_kit.dcl
View File

@@ -194,7 +194,7 @@ $ write pt "=prompt JCB LIBSSH2 for OpenVMS"
$ write pt ""
$ write pt "libssh2 is an open source client side library that aims to implement"
$ write pt "the SSH protocol. This is the OpenVMS port of that library."
$ write pt "Further information at http://www.libssh2.org."
$ write pt "Further information at https://www.libssh2.org."
$ write pt ""
$ write pt "1 NEED_VMS83"
$ write pt "=prompt OpenVMS 8.3 or later is not installed on your system."

7
vms/libssh2_make_lib.dcl
View File

@@ -46,7 +46,8 @@ $!
$ define objdir 'objdir'
$ define srcdir 'srcdir'
$!
$ cc_include = "/include=([],[-.include])"
$ cc_include = "/include=([],[-.include],""/gnv$zlib_include"")"
$ cc_define = "/DEFINE=(_USE_STD_STAT=1)"
$ link_opts = "objdir:libssh2_''thisid'.opt"
$!
$ pipe search [-.include]libssh2.h libssh2_version_major/nohead | (read sys$input l ; l = f$element(2," ",f$edit(l,"trim,compress")) ; -
@@ -137,7 +138,7 @@ $CaseLoop:
$!
$ if case .eq. 0
$ then!camel case names
$ cc_flags = "/names=(shortened,as_is)"
$ cc_flags = "/names=(shortened,as_is)''cc_define'"
$ objlib = "libssh2_asis.olb"
$ endif
$!
@@ -149,7 +150,7 @@ $ rename [.cxx_repository]cxx$demangler_db.; *.lowercase
$ purge [.cxx_repository]cxx$demangler_db.lowercase
$ endif
$!
$ cc_flags = "/names=(shortened)"
$ cc_flags = "/names=(shortened)''cc_define'"
$ objlib = "libssh2_up.olb"
$ endif
$!

26
win32/GNUmakefile
View File

@@ -14,7 +14,7 @@ endif
# Edit the path below to point to the base of your OpenSSL package.
ifndef OPENSSL_PATH
OPENSSL_PATH = ../../openssl-0.9.8zc
OPENSSL_PATH = ../../openssl-1.0.2d
endif
# Edit the path below to point to your Distribution folder.
@@ -34,7 +34,7 @@ PROOT = ..
# Edit the vars below to change target settings.
TARGET = libssh2
WWWURL = http://www.libssh2.org/
WWWURL = https://www.libssh2.org/
DESCR = libssh2 $(LIBSSH2_VERSION_STR)
#STACK = 64000
@@ -111,18 +111,18 @@ endif
# Global flags for all compilers
CFLAGS = $(LIBSSH2_CFLAG_EXTRAS) $(OPT) -D$(DB) -DLIBSSH2_WIN32 # -DHAVE_CONFIG_H
LDFLAGS = $(LIBSSH2_LDFLAG_EXTRAS)
ifeq ($(CC),mwcc)
LD = mwld
RC = mwwinrc
LDFLAGS = -nostdlib
LDFLAGS += -nostdlib
AR = $(LD)
ARFLAGS = -nostdlib -library -o
LIBEXT = lib
#RANLIB =
LIBPATH += -lr "$(METROWERKS)/MSL" -lr "$(METROWERKS)/Win32-x86 Support"
LDLIBS += -lMSL_Runtime_x86.lib -lMSL_C_x86.lib -lMSL_Extras_x86.lib
LDLIBS += -lkernel32.lib -luser32.lib -lwsock32.lib
RCFLAGS =
CFLAGS += -nostdinc -gccinc -msgstyle gcc -inline off -opt nointrinsics -proc 586
CFLAGS += -ir "$(METROWERKS)/MSL" -ir "$(METROWERKS)/Win32-x86 Support"
@@ -130,22 +130,22 @@ CFLAGS += -w on,nounused,nounusedexpr # -ansi strict
else
LD = $(CROSSPREFIX)gcc
RC = $(CROSSPREFIX)windres
LDFLAGS = -s -shared -Wl,--output-def,$(TARGET).def,--out-implib,$(TARGET)dll.a
LDFLAGS += -s -shared -Wl,--output-def,$(TARGET).def,--out-implib,$(TARGET)dll.a
AR = $(CROSSPREFIX)ar
ARFLAGS = -cq
LIBEXT = a
RANLIB = $(CROSSPREFIX)ranlib
#LDLIBS += -lwsock32
LDLIBS += -lws2_32
RCFLAGS = -I $(PROOT)/include -O coff
CFLAGS += -fno-builtin
CFLAGS += -fno-strict-aliasing
CFLAGS += -Wall # -pedantic
ifeq ($(ARCH),w64)
CFLAGS += -D_AMD64_
CFLAGS += -m64 -D_AMD64_
LDFLAGS += -m64
RCFLAGS += -F pe-x86-64
else
CFLAGS += -m32
LDFLAGS += -m32
RCFLAGS += -F pe-i386
endif
endif
@@ -186,6 +186,12 @@ else
LDLIBS += $(patsubst %,$(OPENSSL_LIBPATH)/lib%.$(LIBEXT), $(OPENSSL_LIBS_DYN))
endif
endif
ifeq ($(CC),mwcc)
LDLIBS += -lkernel32.lib -luser32.lib -lwsock32.lib
else
#LDLIBS += -lwsock32
LDLIBS += -lws2_32
endif
ifdef WITH_ZLIB
CFLAGS += -DLIBSSH2_HAVE_ZLIB
@@ -226,7 +232,7 @@ prebuild: $(OBJDIR) $(OBJDIR)/version.inc
test: all
$(MAKE) -C test -f GNUmakefile
$(OBJDIR)/%.o: %.c
# @echo Compiling $<
$(CC) $(CFLAGS) -c $< -o $@
@@ -342,5 +348,3 @@ help: $(OBJDIR)/version.inc
@echo $(DL)$(MAKE) objclean$(DL)
@echo $(DL)$(MAKE) test$(DL)
@echo $(DL)===========================================================$(DL)

8
win32/libssh2.dsp
View File

@@ -299,6 +299,10 @@ SOURCE=..\src\mac.c
# End Source File
# Begin Source File
SOURCE=..\src\mbedtls.c
# End Source File
# Begin Source File
SOURCE=..\src\misc.c
# End Source File
# Begin Source File
@@ -375,6 +379,10 @@ SOURCE=..\src\mac.h
# End Source File
# Begin Source File
SOURCE=..\src\mbedtls.h
# End Source File
# Begin Source File
SOURCE=..\src\misc.h
# End Source File
# Begin Source File

4
win32/libssh2.rc
View File

@@ -26,7 +26,7 @@ BEGIN
BEGIN
BLOCK "040904b0"
BEGIN
VALUE "CompanyName", "The libssh2 library, http://www.libssh2.org/\0"
VALUE "CompanyName", "The libssh2 library, https://www.libssh2.org/\0"
VALUE "FileDescription", "libssh2 Shared Library\0"
VALUE "FileVersion", LIBSSH2_VERSION "\0"
VALUE "InternalName", "libssh2\0"
@@ -34,7 +34,7 @@ BEGIN
VALUE "ProductName", "The libssh2 library\0"
VALUE "ProductVersion", LIBSSH2_VERSION "\0"
VALUE "LegalCopyright", "© " LIBSSH2_COPYRIGHT "\0"
VALUE "License", "http://www.libssh2.org/license.html\0"
VALUE "License", "https://www.libssh2.org/license.html\0"
END
END

2
win32/libssh2_config.h
View File

@@ -26,13 +26,13 @@
#ifdef _MSC_VER
#if _MSC_VER < 1900
#define snprintf _snprintf
#endif
#if _MSC_VER < 1500
#define vsnprintf _vsnprintf
#endif
#define strdup _strdup
#define strncasecmp _strnicmp
#define strcasecmp _stricmp
#endif
#else
#ifndef __MINGW32__
#define strncasecmp strnicmp

10
win32/libssh2_dll.vcxproj
View File

@@ -114,7 +114,7 @@
<Culture>0x0409</Culture>
</ResourceCompile>
<Link>
<AdditionalDependencies>ws2_32.lib;libeay32.lib;ssleay32.lib;zlib.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>ws2_32.lib;libeay32.lib;ssleay32.lib;zlib_a.lib;%(AdditionalDependencies)</AdditionalDependencies>
<OutputFile>Release_dll/libssh2.dll</OutputFile>
<SuppressStartupBanner>true</SuppressStartupBanner>
<AdditionalLibraryDirectories>..\deps\lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
@@ -161,7 +161,7 @@
<Culture>0x0409</Culture>
</ResourceCompile>
<Link>
<AdditionalDependencies>ws2_32.lib;libeay32.lib;ssleay32.lib;zlib.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>ws2_32.lib;libeay32.lib;ssleay32.lib;zlib_a.lib;%(AdditionalDependencies)</AdditionalDependencies>
<OutputFile>Release_dll/libssh2.dll</OutputFile>
<SuppressStartupBanner>true</SuppressStartupBanner>
<AdditionalLibraryDirectories>..\deps\lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
@@ -208,7 +208,7 @@
<Culture>0x0409</Culture>
</ResourceCompile>
<Link>
<AdditionalDependencies>ws2_32.lib;libeay32.lib;ssleay32.lib;zlib.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>ws2_32.lib;libeay32.lib;ssleay32.lib;zlib_a.lib;%(AdditionalDependencies)</AdditionalDependencies>
<OutputFile>Debug_dll/libssh2_debug.dll</OutputFile>
<SuppressStartupBanner>true</SuppressStartupBanner>
<AdditionalLibraryDirectories>..\deps\lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
@@ -254,7 +254,7 @@
<Culture>0x0409</Culture>
</ResourceCompile>
<Link>
<AdditionalDependencies>ws2_32.lib;libeay32.lib;ssleay32.lib;zlib.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>ws2_32.lib;libeay32.lib;ssleay32.lib;zlib_a.lib;%(AdditionalDependencies)</AdditionalDependencies>
<OutputFile>Debug_dll/libssh2_debug.dll</OutputFile>
<SuppressStartupBanner>true</SuppressStartupBanner>
<AdditionalLibraryDirectories>..\deps\lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
@@ -306,4 +306,4 @@
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>
</Project>

2
win32/test/GNUmakefile
View File

@@ -26,7 +26,7 @@ LINK_STATIC = 1
# Edit the vars below to change target settings.
SAMPLES = $(PROOT)/example
TARGETS := $(filter-out x11.exe,$(patsubst $(SAMPLES)/%.c,%.exe,$(strip $(wildcard $(SAMPLES)/*.c))))
WWWURL = http://www.libssh2.org/
WWWURL = https://www.libssh2.org/
DESCR = libssh2 $(subst .rc,,$(notdir $@)) $(LIBSSH2_VERSION_STR)
#STACK = 64000