Add more CI workflows for wolfSSH

.github/workflows/codespell.yml

@@ -0,0 +1,26 @@
+name: Codespell
+
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  codespell:
+    name: Check spelling
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    steps:
+      - name: Checkout wolfSSH
+        uses: actions/checkout@v4
+
+      - name: Run codespell
+        uses: codespell-project/actions-codespell@v2
+        with:
+          skip: .git,./ide,./keys,./certs,./m4,*.der,*.pem,*.pub
+          ignore_words_list: inout,keypair,nd,parm,ser,rcv,inh,bu,fo,te,ans,pendin,anormal,dne

.github/workflows/multi-compiler.yml

@@ -0,0 +1,99 @@
+name: Multiple Compilers
+
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    steps:
+      - name: Checkout wolfSSL
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/wolfssl
+          path: wolfssl
+
+      - name: Build wolfSSL
+        working-directory: ./wolfssl
+        run: |
+          ./autogen.sh
+          ./configure --enable-wolfssh --enable-keygen --enable-pkcallbacks
+          make -j$(nproc)
+          sudo make install
+          sudo ldconfig
+
+      - name: tar build-dir
+        run: tar -zcf wolfssl-install.tgz /usr/local/lib/libwolfssl* /usr/local/include/wolfssl
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolfssl-multi-compiler
+          path: wolfssl-install.tgz
+          retention-days: 5
+
+  compiler_test:
+    name: ${{ matrix.cc }}
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    needs: build_wolfssl
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - cc: gcc-11
+            cxx: g++-11
+          - cc: gcc-12
+            cxx: g++-12
+          - cc: gcc-13
+            cxx: g++-13
+          - cc: clang-14
+            cxx: clang++-14
+          - cc: clang-15
+            cxx: clang++-15
+          - cc: clang-17
+            cxx: clang++-17
+
+    steps:
+      - name: Install compiler
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y ${{ matrix.cc }}
+
+      - name: Checkout wolfSSH
+        uses: actions/checkout@v4
+
+      - name: Download wolfSSL
+        uses: actions/download-artifact@v4
+        with:
+          name: wolfssl-multi-compiler
+
+      - name: Install wolfSSL
+        run: |
+          sudo tar -xzf wolfssl-install.tgz -C /
+          sudo ldconfig
+
+      - name: Build wolfSSH with ${{ matrix.cc }}
+        env:
+          CC: ${{ matrix.cc }}
+          CXX: ${{ matrix.cxx }}
+        run: |
+          ./autogen.sh
+          ./configure CFLAGS="-Wall -Wextra -Wpedantic"
+          make -j$(nproc)
+
+      - name: Make dist
+        run: make dist
+
+      - name: Show log on errors
+        if: failure()
+        run: cat config.log

.github/workflows/sanitizer.yml

@@ -0,0 +1,104 @@
+name: Sanitizer Tests
+
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    steps:
+      - name: Checkout wolfSSL
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/wolfssl
+          path: wolfssl
+
+      - name: Build wolfSSL
+        working-directory: ./wolfssl
+        run: |
+          ./autogen.sh
+          ./configure --enable-wolfssh --enable-keygen --enable-pkcallbacks
+          make -j$(nproc)
+          sudo make install
+          sudo ldconfig
+
+      - name: tar build-dir
+        run: tar -zcf wolfssl-install.tgz /usr/local/lib/libwolfssl* /usr/local/include/wolfssl
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolfssl-sanitizer
+          path: wolfssl-install.tgz
+          retention-days: 5
+
+  sanitizer_test:
+    name: ${{ matrix.name }}
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    needs: build_wolfssl
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - name: "ASan"
+            cflags: "-fsanitize=address -fno-omit-frame-pointer -g -O1"
+            ldflags: "-fsanitize=address"
+          - name: "UBSan"
+            cflags: "-fsanitize=undefined -fno-sanitize-recover=all -fno-omit-frame-pointer -g"
+            ldflags: "-fsanitize=undefined"
+
+    steps:
+      - name: Workaround high-entropy ASLR
+        run: sudo sysctl vm.mmap_rnd_bits=28
+
+      - name: Checkout wolfSSH
+        uses: actions/checkout@v4
+
+      - name: Download wolfSSL
+        uses: actions/download-artifact@v4
+        with:
+          name: wolfssl-sanitizer
+
+      - name: Install wolfSSL
+        run: |
+          sudo tar -xzf wolfssl-install.tgz -C /
+          sudo ldconfig
+
+      - name: Build wolfSSH with ${{ matrix.name }}
+        run: |
+          ./autogen.sh
+          ./configure --enable-all \
+            CFLAGS="${{ matrix.cflags }}" LDFLAGS="${{ matrix.ldflags }}"
+          make -j$(nproc)
+
+      - name: Run tests
+        run: make check
+
+      - name: Show test logs on failure
+        if: failure()
+        run: |
+          echo "=== test-suite.log ==="
+          cat test-suite.log || true
+          echo ""
+          echo "=== tests/api.log ==="
+          cat tests/api.log || true
+
+      - name: Upload failure logs
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolfssh-${{ matrix.name }}-logs
+          path: |
+            test-suite.log
+            config.log
+          retention-days: 5

ChangeLog.md

@@ -134,7 +134,7 @@
 
 ---
 
-# wolfSSH v1.4.20 (Feburary 20, 2025)
+# wolfSSH v1.4.20 (February 20, 2025)
 
 ## New Features
 
@@ -733,7 +733,7 @@
 
 - Added DH Group Exchange with SHA-256 hashing to the key exchange.
 - Removed the canned banner and provided a function to set a banner string.
-  If no sting is provided, no banner is sent.
+  If no string is provided, no banner is sent.
 - Expanded the make checking to include an API test.
 - Added a function that returns session statistics.
 - When connecting to the echoserver, hitting Ctrl-E will give you some

apps/wolfssh/wolfssh.c

@@ -280,7 +280,7 @@ dispatch_semaphore_t windowSem;
 static sem_t windowSem;
 #endif
 
-/* capture window change signales */
+/* capture window change signals */
 static void WindowChangeSignal(int sig)
 {
 #if (defined(__OSX__) || defined(__APPLE__))
@@ -599,7 +599,7 @@ static int wolfSSH_AGENT_DefaultActions(WS_AgentCbAction action, void* vCtx)
         if (ret == WS_AGENT_SUCCESS) {
             WMEMSET(name, 0, sizeof(struct sockaddr_un));
             name->sun_family = AF_LOCAL;
-            WSTRNCPY(name->sun_path, sockName, sizeof(name->sun_path));
+            WSTRNCPY(name->sun_path, sockName, sizeof(name->sun_path) - 1);
             name->sun_path[sizeof(name->sun_path) - 1] = '\0';
             size = WSTRLEN(sockName) +
                     offsetof(struct sockaddr_un, sun_path);
@@ -1046,7 +1046,7 @@ static THREAD_RETURN WOLFSSH_THREAD wolfSSH_Client(void* args)
 
 #if !defined(SINGLE_THREADED) && !defined(WOLFSSL_NUCLEUS)
 #if 0
-    if (keepOpen) /* set up for psuedo-terminal */
+    if (keepOpen) /* set up for pseudo-terminal */
         ClientSetEcho(2);
 #endif
 
@@ -1070,7 +1070,7 @@ static THREAD_RETURN WOLFSSH_THREAD wolfSSH_Client(void* args)
             int err;
 
             /* exec command does not contain initial terminal size,
-             * unlike pty-req. Send an inital terminal size for recieving
+             * unlike pty-req. Send an initial terminal size for receiving
              * the results of the command */
             err = sendCurrentWindowSize(&arg);
             if (err != WS_SUCCESS) {
@@ -1117,7 +1117,7 @@ static THREAD_RETURN WOLFSSH_THREAD wolfSSH_Client(void* args)
             int err;
 
             /* exec command does not contain initial terminal size,
-             * unlike pty-req. Send an inital terminal size for recieving
+             * unlike pty-req. Send an initial terminal size for receiving
              * the results of the command */
             err = sendCurrentWindowSize(&arg);
             if (err != WS_SUCCESS) {

apps/wolfsshd/auth.c

@@ -107,7 +107,7 @@ struct WOLFSSHD_AUTH {
 #endif
 
 #if 0
-/* this could potentially be useful in a deeply embeded future port */
+/* this could potentially be useful in a deeply embedded future port */
 
 /* Map user names to passwords */
 /* Use arrays for username and p. The password or public key can
@@ -397,7 +397,7 @@ static int CheckPasswordUnix(const char* usr, const byte* pw, word32 pwSz, WOLFS
                 wolfSSH_Log(WS_LOG_ERROR,
                     "[SSHD] Error getting user password info");
                 wolfSSH_Log(WS_LOG_ERROR,
-                    "[SSHD] Possibly permisions level error?"
+                    "[SSHD] Possibly permissions level error?"
                     " i.e SSHD not ran as sudo");
                 ret = WS_FATAL_ERROR;
             }
@@ -1049,7 +1049,7 @@ static int DoCheckUser(const char* usr, WOLFSSHD_AUTH* auth)
 
     if (wolfSSHD_ConfigGetPermitRoot(auth->conf) == 0) {
         if (XSTRCMP(usr, "root") == 0) {
-            wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Login as root not permited");
+            wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Login as root not permitted");
             ret = WOLFSSH_USERAUTH_REJECTED;
         }
     }
@@ -1075,7 +1075,7 @@ static int DoCheckUser(const char* usr, WOLFSSHD_AUTH* auth)
 
 
 /* @TODO this will take in a pipe or equivalent to talk to a privileged thread
- * rathar than having WOLFSSHD_AUTH directly with privilege separation */
+ * rather than having WOLFSSHD_AUTH directly with privilege separation */
 static int RequestAuthentication(WS_UserAuthData* authData,
                                  WOLFSSHD_AUTH* authCtx)
 {
@@ -1423,7 +1423,7 @@ static int SetDefualtUserID(WOLFSSHD_AUTH* auth)
 
 
 /* Sets the default functions to be used for authentication of peer.
- * Later the default functions could be overriden if needed.
+ * Later the default functions could be overridden if needed.
  * returns a newly created WOLFSSHD_AUTH struct success */
 WOLFSSHD_AUTH* wolfSSHD_AuthCreateUser(void* heap, const WOLFSSHD_CONFIG* conf)
 {
@@ -1501,12 +1501,12 @@ int wolfSSHD_AuthRaisePermissions(WOLFSSHD_AUTH* auth)
 #ifndef WIN32
     if (auth) {
         if (setegid(auth->sGid) != 0) {
-            wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error rasing gid");
+            wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error raising gid");
             ret = WS_FATAL_ERROR;
         }
 
         if (seteuid(auth->sUid) != 0) {
-            wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error rasing uid");
+            wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error raising uid");
             ret = WS_FATAL_ERROR;
         }
     }

apps/wolfsshd/configuration.c

@@ -898,7 +898,7 @@ static int HandleMatch(WOLFSSHD_CONFIG** conf, const char* value, int valueSz)
             &newConf->groupAppliesTo);
     }
 
-    /* @TODO handle , seperated user/group list */
+    /* @TODO handle , separated user/group list */
 
     /* update current config being processed */
     if (ret == WS_SUCCESS) {

apps/wolfsshd/configuration.h

@@ -25,7 +25,7 @@ typedef struct WOLFSSHD_CONFIG WOLFSSHD_CONFIG;
 
 #include "auth.h"
 
-/* 0 so that privilage seperation is default on after struct memset'd on init */
+/* 0 so that privilege separation is default on after struct memset'd on init */
 #define WOLFSSHD_PRIV_SEPARAT 0
 #define WOLFSSHD_PRIV_SANDBOX 1
 #define WOLFSSHD_PRIV_OFF     2

apps/wolfsshd/test/README.md

@@ -1,6 +1,6 @@
 # wolfSSHd Tests
 
-These are seprate from the tests in scripts directory because of the need for
+These are separate from the tests in scripts directory because of the need for
 'sudo' when starting up an SSHd server to test against.
 
 ## Running Tests

apps/wolfsshd/test/run_all_sshd_tests.sh

@@ -134,7 +134,7 @@ else
     #run_test "error_return.sh"
     #run_test "sshd_login_grace_test.sh"
 
-    # add aditional tests here, check on var USING_LOCAL_HOST if can make sshd
+    # add additional tests here, check on var USING_LOCAL_HOST if can make sshd
     # server start/restart with changes
 
     if [ "$USING_LOCAL_HOST" == 1 ]; then

apps/wolfsshd/test/ssh_kex_algos.sh

@@ -55,7 +55,7 @@ HAVE_P521=$SUPPORTED
 printf "\n"
 
 
-# Looks through the variable OUTPUT for the block of text containg the server
+# Looks through the variable OUTPUT for the block of text containing the server
 # host key algorithms sent.
 find_substring_of_algos() {
     # Extract the substring between start and end lines