add CI test against master and last two wolfSSL releases

.github/workflows/os-check.yml

@@ -10,15 +10,28 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
-env:
-  WOLFSSL_REF: v5.7.0-stable
-
 jobs:
+  create_matrix:
+    runs-on: ubuntu-latest
+    outputs:
+        versions: ${{ steps.json.outputs.versions }}
+    steps:
+      - name: Create wolfSSL version matrix
+        id: json
+        run: |
+          current=`curl -s https://api.github.com/repos/wolfssl/wolfssl/releases | grep tag_name | cut -d : -f 2,3 | tr -d \" | tr -d , | tr -d ' ' | head -1`
+          last=`curl -s https://api.github.com/repos/wolfssl/wolfssl/releases | grep tag_name | cut -d : -f 2,3 | tr -d \" | tr -d , | tr -d ' ' | head -2 | tail -1`
+          VERSIONS=$(echo "[ \"master\", \"$current\", \"$last\" ]")
+          echo "wolfSSL versions found: $VERSIONS"
+          echo "versions=$VERSIONS" >> $GITHUB_OUTPUT
+
   build_wolfssl:
+    needs: create_matrix
     strategy:
       fail-fast: false
       matrix:
         os: [ ubuntu-latest, macos-latest ]
+        wolfssl: ${{ fromJson(needs.create_matrix.outputs['versions']) }}
     name: Build wolfssl
     runs-on: ${{ matrix.os }}
     timeout-minutes: 4
@@ -28,25 +41,32 @@ jobs:
         id: cache-wolfssl
         with:
           path: build-dir/
-          key: wolfssh-os-check-wolfssl-${{ env.WOLFSSL_REF }}-${{ matrix.os }}
+          key: wolfssh-os-check-wolfssl-${{ matrix.wolfssl }}-${{ matrix.os }}
           lookup-only: true
 
+      - name: debug
+        run: echo wolfssl version ${{ matrix.wolfssl }}
+
       - name: Checkout, build, and install wolfssl
         if: steps.cache-wolfssl.outputs.cache-hit != 'true'
         uses: wolfSSL/actions-build-autotools-project@v1
         with:
           repository: wolfssl/wolfssl
-          ref: ${{ env.WOLFSSL_REF }}
+          ref: ${{ matrix.wolfssl }}
           path: wolfssl
           configure: --enable-all
           check: false
           install: true
 
   build_wolfssh:
+    needs:
+      - build_wolfssl
+      - create_matrix
     strategy:
       fail-fast: false
       matrix:
         os: [ ubuntu-latest, macos-latest ]
+        wolfssl: ${{ fromJson(needs.create_matrix.outputs['versions']) }}
         config: [
           '',
           '--enable-all',
@@ -57,13 +77,12 @@ jobs:
     name: Build wolfssh
     runs-on: ${{ matrix.os }}
     timeout-minutes: 4
-    needs: build_wolfssl
     steps:
       - name: Checking cache for wolfssl
         uses: actions/cache@v4
         with:
           path: build-dir/
-          key: wolfssh-os-check-wolfssl-${{ env.WOLFSSL_REF }}-${{ matrix.os }}
+          key: wolfssh-os-check-wolfssl-${{ matrix.wolfssl }}-${{ matrix.os }}
           fail-on-cache-miss: true
 
       - name: Checkout, build, and test wolfssh

.github/workflows/sshd-test.yml

@@ -6,27 +6,94 @@ on:
   pull_request:
     branches: [ '*' ]
 
-jobs:
-  build:
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 
+jobs:
+  create_matrix:
     runs-on: ubuntu-latest
+    outputs:
+        versions: ${{ steps.json.outputs.versions }}
+    steps:
+      - name: Create wolfSSL version matrix
+        id: json
+        run: |
+          current=`curl -s https://api.github.com/repos/wolfssl/wolfssl/releases | grep tag_name | cut -d : -f 2,3 | tr -d \" | tr -d , | tr -d ' ' | head -1`
+          last=`curl -s https://api.github.com/repos/wolfssl/wolfssl/releases | grep tag_name | cut -d : -f 2,3 | tr -d \" | tr -d , | tr -d ' ' | head -2 | tail -1`
+          VERSIONS=$(echo "[ \"master\", \"$current\", \"$last\" ]")
+          echo "wolfSSL versions found: $VERSIONS"
+          echo "versions=$VERSIONS" >> $GITHUB_OUTPUT
+
+  build_wolfssl:
+    needs: create_matrix
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu-latest ]
+        wolfssl: ${{ fromJson(needs.create_matrix.outputs['versions']) }}
+    name: Build wolfssl
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 4
+    steps:
+      - name: Checking cache for wolfssl
+        uses: actions/cache@v4
+        id: cache-wolfssl
+        with:
+          path: build-dir/
+          key: wolfssh-sshd-wolfssl-${{ matrix.wolfssl }}-${{ matrix.os }}
+          lookup-only: true
+
+      - name: Checkout, build, and install wolfssl
+        if: steps.cache-wolfssl.outputs.cache-hit != 'true'
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: wolfssl/wolfssl
+          ref: ${{ matrix.wolfssl }}
+          path: wolfssl
+          configure: --enable-all
+          check: false
+          install: true
 
+  build_wolfssh:
+    needs:
+      - build_wolfssl
+      - create_matrix
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu-latest ]
+        wolfssl: ${{ fromJson(needs.create_matrix.outputs['versions']) }}
+    name: Build and test wolfsshd
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 10
     steps:
-    - uses: actions/checkout@v2
-      with:
-          repository: wolfSSL/wolfssl.git
-          ref: master
-    - name: build wolfSSL
-      run: ./autogen.sh && ./configure --enable-all --prefix=/usr && make && sudo make install
-    - uses: actions/checkout@v2
-    - name: autogen
-      run: ./autogen.sh
-    - name: configure
-      run: ./configure --enable-all CPPFLAGS="-DWOLFSSH_NO_FPKI -DWOLFSSH_NO_SFTP_TIMEOUT -DWOLFSSH_MAX_SFTP_RW=4000000"
-    - name: make
-      run: make
-    - name: make check
-      run: make check
-    - name: run wolfSSHd tests
-      run: sudo ./run_all_sshd_tests.sh root
-      working-directory: ./apps/wolfsshd/test
+      - name: Checking cache for wolfssl
+        uses: actions/cache@v4
+        with:
+          path: build-dir/
+          key: wolfssh-sshd-wolfssl-${{ matrix.wolfssl }}-${{ matrix.os }}
+          fail-on-cache-miss: true
+
+      - uses: actions/checkout@v4
+        with:
+          path: wolfssh/
+
+      - name: autogen
+        working-directory: ./wolfssh/
+        run: ./autogen.sh
+
+      - name: configure
+        working-directory: ./wolfssh/
+        run : |
+          ./configure --enable-all LDFLAGS="-L${{ github.workspace }}/build-dir/lib" CPPFLAGS="-I${{ github.workspace }}/build-dir/include -DWOLFSSH_NO_FPKI -DWOLFSSH_NO_SFTP_TIMEOUT -DWOLFSSH_MAX_SFTP_RW=4000000 -DMAX_PATH_SZ=120"
+
+      - name: make check
+        working-directory: ./wolfssh/
+        run: make check
+
+      - name: Run wolfSSHd tests
+        working-directory: ./wolfssh/apps/wolfsshd/test
+        run: |
+          git log -3
+          sudo ./run_all_sshd_tests.sh

.github/workflows/zephyr.yml

@@ -14,7 +14,7 @@ jobs:
         config:
           - zephyr-ref: v3.4.0
             zephyr-sdk: 0.16.1
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 20
     steps:

apps/wolfsshd/test/sshd_forcedcmd_test.sh

@@ -4,7 +4,7 @@
 
 if [ -z "$1" ] || [ -z "$2" ]; then
     echo "expecting host and port as arguments"
-    echo "./sshd_exec_test.sh 127.0.0.1 22222"
+    echo "$0 127.0.0.1 22222"
     exit 1
 fi
 
@@ -37,8 +37,9 @@ TEST_SFTP="./examples/sftpclient/wolfsftp"
 PRIVATE_KEY="./keys/hansel-key-ecc.der"
 PUBLIC_KEY="./keys/hansel-key-ecc.pub"
 
-RESULT=`$TEST_CLIENT -c 'echo bob' -u $USER -i $PRIVATE_KEY -j $PUBLIC_KEY -h $TEST_HOST -p $TEST_PORT`
-cat $RESULT | grep bob
+RESULT=$( $TEST_CLIENT -c 'echo bob' -u $USER -i $PRIVATE_KEY -j $PUBLIC_KEY -h $TEST_HOST -p $TEST_PORT )
+echo $RESULT
+echo $RESULT | grep bob
 RESULT=$?
 if [ "$RESULT" == 0 ]; then
     echo "Shell login should fail with forced command"

apps/wolfsshd/test/sshd_term_size_test.sh

@@ -15,21 +15,36 @@ if [ -z "$1" ] || [ -z "$2" ]; then
     exit 1
 fi
 
-set -e
+# Check if tmux is available
+which tmux
+RESULT=$?
+if [ ${RESULT} = 1 ]; then
+    echo "tmux is not installed!!"
+    exit 1
+fi
+
 echo "Creating tmux session at $PWD with command :"
-tmux new-session -d -s test "$TEST_CLIENT -t -u $USER -i $PRIVATE_KEY -j $PUBLIC_KEY -h \"$1\" -p \"$2\""
+echo "tmux new-session -d -s test \"$TEST_CLIENT -q -t -u $USER -i $PRIVATE_KEY -j $PUBLIC_KEY -h \"$1\" -p \"$2\"\""
+tmux new-session -d -s test "$TEST_CLIENT -q -t -u $USER -i $PRIVATE_KEY -j $PUBLIC_KEY -h \"$1\" -p \"$2\""
+echo "Result of tmux new-session = $?"
 
 # give the command a second to establish SSH connection
-sleep 0.5
+sleep 1
 
 COL=`tmux display -p -t test '#{pane_width}'`
 ROW=`tmux display -p -t test '#{pane_height}'`
+echo "tmux 'test' session has COL = ${COL} and ROW = ${ROW}"
 
 # get the terminals columns and lines
 tmux send-keys -t test 'echo;echo $COLUMNS $LINES;echo'
 tmux send-keys -t test 'ENTER'
+
+# give the command a second to run
+sleep 1
+
 tmux capture-pane -t test
 RESULT=$(tmux show-buffer | grep '^[0-9]* [0-9]*$')
+tmux show-buffer
 
 echo "$RESULT"
 echo ""
@@ -55,25 +70,32 @@ fi
 # close down the SSH session
 tmux send-keys -t test 'exit'
 tmux send-keys -t test 'ENTER'
-set +e
 
 # kill off the session if it's still running, but don't error out if the session
 # has already closed down
 tmux kill-session -t test
 set -e
 
-tmux new-session -d -x 50 -y 10 -s test "$TEST_CLIENT -t -u $USER -i $PRIVATE_KEY -j $PUBLIC_KEY -h \"$1\" -p \"$2\""
+echo "Starting another session with a smaller window size"
+echo "tmux new-session -d -x 50 -y 10 -s test \"$TEST_CLIENT -q -t -u $USER -i $PRIVATE_KEY -j $PUBLIC_KEY -h \"$1\" -p \"$2\"\""
+tmux new-session -d -x 50 -y 10 -s test "$TEST_CLIENT -q -t -u $USER -i $PRIVATE_KEY -j $PUBLIC_KEY -h \"$1\" -p \"$2\""
 
 # give the command a second to establish SSH connection
-sleep 0.5
+sleep 1
 
+echo "Sending keys to tmux session for displaying column/rows"
 tmux send-keys -t test 'echo;echo $COLUMNS $LINES;echo'
 tmux send-keys -t test 'ENTER'
 tmux capture-pane -t test
 RESULT=$(tmux show-buffer | grep '^[0-9]* [0-9]*$')
 
-ROW_FOUND=$(echo "$RESULT" | sed -e 's/[0-9]* \([0-9]*\)/\1/')
-COL_FOUND=$(echo "$RESULT" | sed -e 's/\([0-9]*\) [0-9]*/\1/')
+ROW_FOUND=$( echo "$RESULT" | sed -e 's/[0-9]* \([0-9]*\)/\1/' )
+COL_FOUND=$( echo "$RESULT" | sed -e 's/\([0-9]*\) [0-9]*/\1/' )
+
+#remove any newlines, tabs, or returns
+ROW_FOUND=$( tr -d '\n\t\r ' <<<"$ROW_FOUND" )
+COL_FOUND=$( tr -d '\n\t\r ' <<<"$COL_FOUND" )
+
 
 if [ "50" != "$COL_FOUND" ]; then
     echo "Col found was $COL_FOUND which does not match expected 50"

apps/wolfsshd/test/sshd_window_full_test.sh

@@ -42,7 +42,11 @@ PUBLIC_KEY="./keys/hansel-key-ecc.pub"
 head -c 1G /dev/urandom > random-test.txt
 
 PWD=`pwd`
-$TEST_CLIENT -c "cd $PWD; $TEST_CLIENT -c \"cat $PWD/random-test.txt\" -u $USER -i $PRIVATE_KEY -j $PUBLIC_KEY -h $TEST_HOST -p $TEST_PORT" -u $USER -i $PRIVATE_KEY -j $PUBLIC_KEY -h $TEST_HOST -p $TEST_PORT > random-test-result.txt
+echo "$TEST_CLIENT -q -c \"cd $PWD; $TEST_CLIENT -q -c \"cat $PWD/random-test.txt\" -u $USER -i $PRIVATE_KEY -j $PUBLIC_KEY -h $TEST_HOST -p $TEST_PORT\" -u $USER -i $PRIVATE_KEY -j $PUBLIC_KEY -h $TEST_HOST -p $TEST_PORT > random-test-result.txt"
+
+$TEST_CLIENT -q -c "cd $PWD; $TEST_CLIENT -q -c \"cat $PWD/random-test.txt\" -u $USER -i $PRIVATE_KEY -j $PUBLIC_KEY -h $TEST_HOST -p $TEST_PORT" -u $USER -i $PRIVATE_KEY -j $PUBLIC_KEY -h $TEST_HOST -p $TEST_PORT > random-test-result.txt
+
+ls -la random-test*
 
 diff random-test.txt random-test-result.txt
 RESULT=$?

apps/wolfsshd/test/sshd_x509_test.sh

@@ -7,7 +7,7 @@ cd ../../..
 
 if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
     echo "expecting host, port and user as arguments"
-    echo "./sshd_x509_text.sh 127.0.0.1 22222 user"
+    echo "$0 127.0.0.1 22222 user"
     exit 1
 fi
 
@@ -17,13 +17,13 @@ PUBLIC_KEY="./keys/$3-cert.der"
 CA_CERT="./keys/ca-cert-ecc.der"
 
 set -e
-echo "$TEST_CLIENT -c 'pwd' -u $3 -i $PRIVATE_KEY -J $PUBLIC_KEY -A $CA_CERT -h \"$1\" -p \"$2\""
-$TEST_CLIENT -c 'pwd' -u $3 -i "$PRIVATE_KEY" -J "$PUBLIC_KEY" -A "$CA_CERT" -h "$1" -p "$2"
+echo "$TEST_CLIENT -X -c 'pwd' -u $3 -i $PRIVATE_KEY -J $PUBLIC_KEY -A $CA_CERT -h \"$1\" -p \"$2\""
+$TEST_CLIENT -X -c 'pwd' -u $3 -i "$PRIVATE_KEY" -J "$PUBLIC_KEY" -A "$CA_CERT" -h "$1" -p "$2"
 set +e
 
 rm -f error.txt
-echo "$TEST_CLIENT -c 'ls error' -u $3 -i $PRIVATE_KEY -J $PUBLIC_KEY -A $CA_CERT -h \"$1\" -p \"$2\" 2> error.txt"
-$TEST_CLIENT -c 'ls error' -u $3 -i "$PRIVATE_KEY" -J "$PUBLIC_KEY" -A "$CA_CERT" -h "$1" -p "$2" 2> error.txt
+echo "$TEST_CLIENT -X -c 'ls error' -u $3 -i $PRIVATE_KEY -J $PUBLIC_KEY -A $CA_CERT -h \"$1\" -p \"$2\" 2> error.txt"
+$TEST_CLIENT -X -c 'ls error' -u $3 -i "$PRIVATE_KEY" -J "$PUBLIC_KEY" -A "$CA_CERT" -h "$1" -p "$2" 2> error.txt
 
 # check stderr output was caught
 if [ ! -s error.txt ]; then
@@ -36,4 +36,3 @@ rm -f error.txt
 cd $PWD
 exit 0
 
-

examples/client/client.c

@@ -120,6 +120,7 @@ static void ShowUsage(void)
 #endif
     printf(" -E            List all possible algos\n");
     printf(" -k            set the list of key algos to use\n");
+    printf(" -q            turn off debugging output\n");
 }
 
 
@@ -658,7 +659,7 @@ THREAD_RETURN WOLFSSH_THREAD client_test(void* args)
 
     (void)keepOpen;
 
-    while ((ch = mygetopt(argc, argv, "?ac:h:i:j:p:tu:xzNP:RJ:A:XeEk:")) != -1) {
+    while ((ch = mygetopt(argc, argv, "?ac:h:i:j:p:tu:xzNP:RJ:A:XeEk:q")) != -1) {
         switch (ch) {
             case 'h':
                 host = myoptarg;
@@ -671,6 +672,10 @@ THREAD_RETURN WOLFSSH_THREAD client_test(void* args)
             #endif
                 break;
 
+            case 'q':
+                wolfSSH_Debugging_OFF();
+                break;
+
             case 'e':
                 userEcc = 1;
                 break;

keys/renewcerts.sh

@@ -6,7 +6,7 @@ else
     USER_NAME=$1
     cp fred-key.der $USER_NAME-key.der
     cp fred-key.pem $USER_NAME-key.pem
-    sed -i "s/fred/$USER_NAME/g" renewcerts.cnf
+    sed -i.bak "s/fred/$USER_NAME/g" renewcerts.cnf
 fi
 
 # renew CA

src/internal.c

@@ -14047,7 +14047,6 @@ int SendUserAuthRequest(WOLFSSH* ssh, byte authType, int addSig)
 
         payloadSz = MSG_ID_SZ + (LENGTH_SZ * 3) +
                     ssh->userNameSz + serviceNameSz + authNameSz;
-
         if (authId == ID_USERAUTH_PASSWORD)
             ret = PrepareUserAuthRequestPassword(ssh, &payloadSz, &authData);
         else if (authId == ID_USERAUTH_PUBLICKEY && !ssh->userAuthPkDone) {