ports/libssh
ports/libssh
1
1
Форкнуть 0
Код Релизы 1 Активность
4 208 коммитов 3 Ветки 1 Тег 7,9 MiB
60037f3275
Граф коммитов

131 Коммитов

Автор SHA1 Сообщение Дата
Jakub Jelen
46090facba libcrypto: Implement OpenSSH-compatible AES-GCM ciphers using OpenSSL 
The commit also propares the internals throughout the code base
for the inclusion of a new AEAD cipher, because previously, the
source code counted only with chacha20-poly1305 cipher, which
is very specific in many cases.

The SSH_HMAC_AEAD_GCM mac algorithm is not actually used, but the name
needed to be defined so we can match in the algorithms selection per
OpenSSH specification (MACs are ignored in case GCM is select as a cipher [1]).

If the provided OpenSSL does not provide  EVP_aes_128_gcm()  function,
the AES-GCM ciphers will not be compiled in.

[1] https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.chacha20poly1305?annotate=HEAD

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-10-09 12:05:40 +02:00
Andreas Schneider
1d7520b68a cmake: Add -Wattributs for configure checks 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-09-25 14:37:25 +02:00
Andreas Schneider
2e8f2f03e7 cmake: Correctly detect if glob has gl_flags member 
Thanks to Baruch Siach.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-09-17 10:48:49 +02:00
Andreas Schneider
247983e982 misc: Add strndup implementation if not provides by the OS 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-08-29 19:04:44 +02:00
Andreas Schneider
4de8ed684b cmake: Check if the linker supports version scripts 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-08-27 09:29:24 +02:00
Andreas Schneider
26a4097742 cmake: Check for -Werror in ConfigureChecks.cmake 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-08-20 18:42:03 +02:00
Andreas Schneider
4104d2fb91 cmake: Correctly detect support for __bounded__ attribute 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-08-16 17:45:56 +02:00
Andreas Schneider
6aa9392699 cmake: Only set -Werror on UNIX 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-08-13 21:48:48 +02:00
Andreas Schneider
dbce0e5228 cmake: Fix PACKAGE and VERSION in config.h 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-08-13 13:44:58 +02:00
Andreas Schneider
4c058aefd9 cmake: Detect constructor and destructor attributes 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-08-13 09:21:17 +02:00
Andreas Schneider
8c2ad7bdd3 cmake: Fix fallthrough attribute detection 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-08-13 09:15:35 +02:00
Andreas Schneider
e04a8b3abd cmake: Fix check for bounded attribute 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-08-13 09:14:15 +02:00
Andreas Schneider
38c53db953 libcrypto: Use new RAND_priv_bytes() for strong randomness 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-07-05 12:12:17 +02:00
Andreas Schneider
6a715b80d6 cmake: Unset CMAKE_REQUIRED_* variables 
This should fix the 'gcc -m32' build!

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-06-30 15:27:09 +02:00
Andreas Schneider
bed60f9b84 kex: Enable chacha20-poly1304 KEX with mbedtls 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-06-29 11:41:22 +02:00
Jon Simons
c089b700c6 chacha: fix build for mbedTLS 
Fix the build for mbedTLS:
 * set HAVE_CHACHA for non-mbedTLS builds
 * only compile chachapoly.c when HAVE_CHACHA
 * use empty CHACHA20 in src/kex.c unless HAVE_CHACHA

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-06-28 09:06:30 +02:00
Aris Adamantiadis
ebd76bf347 cmake: detect "bounded" compiler attribute 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-06-28 09:06:30 +02:00
Aris Adamantiadis
acc1ade74a external: Add ChaCha and Poly1305 implementations from OpenSSH 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-06-28 09:06:30 +02:00
Aris Adamantiadis
c6ee41bff3 cmake: add WITH_PACKET_DEBUG option 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-06-04 16:55:18 +02:00
Alberto Aguirre
7e1e0e5098 misc: Use SecureZeroMemory if available for explicit_bzero 
Useful on Windows platforms where SecureZeroMemory is available.

Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-03-11 22:58:49 +01:00
Alberto Aguirre
3fa0e3959c misc: Use memset_s if available for explicit_bzero 
Useful on OSX where memset_s is available.

Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-03-11 22:58:13 +01:00
Andreas Schneider
81847bf513 priv: Implement explicit_bzero as a function if not available 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Alberto Aguirre <albaguirre@gmail.com>
 2018-03-02 18:07:42 +01:00
Andreas Schneider
ebcff9fd63 src: Use explicit_bzero() if available on the platform 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-02-12 14:41:27 +01:00
Juraj Vijtiuk
778652460f add mbedtls crypto support 
Summary:
This patch adds support for mbedTLS as a crypto backend for libssh.
mbedTLS is an SSL/TLS library that has been designed to mainly be used
in embedded systems.  It is loosely coupled and has a low memory
footprint.  mbedTLS also provides a cryptography library (libmbedcrypto)
that can be used without the TLS modules.
The patch is unfortunately quite big, since several new files had to
be added.
DSA is disabled at compile time, since mbedTLS doesn't support DSA
Patch review and feedback would be appreciated, and if any issues or
suggestions appear, I'm willing to work on them.

Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>

Test Plan:
* The patch has been tested with a Debug and MinSizeRel build, with
libssh unit tests, client tests and the pkd tests.
* All the tests have been run with valgrind's memcheck, drd and helgrind
tools.
* The examples/samplessh client works when built with the patch.

Reviewers: asn, aris

Subscribers: simonsj

Differential Revision: https://bugs.libssh.org/D1
 2017-12-28 11:17:39 +01:00
Jakub Jelen
b8e301ade3 config: Add CMake check for glob() 2017-12-21 11:43:19 +01:00
Andreas Schneider
a9846ccc0d cmake: Add check for fallthrough attribute 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2017-08-25 10:06:00 +02:00
Andreas Schneider
c7e9dc2ee3 cmake: Check for EVP_CIPHER_CTX_new 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2017-02-23 16:54:26 +01:00
Andreas Schneider
3daf1760a1 cmake: Use configure check for CRYPTO_ctr128_encrypt 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2016-11-07 11:46:47 +01:00
Andreas Schneider
2dff359a33 threads: Use new API call for OpenSSL CRYPTO THREADID 
BUG: https://red.libssh.org/issues/222

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2016-11-07 11:46:47 +01:00
Andreas Schneider
5d1a8cd88b cmake: Check for io.h on Windows 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2016-11-06 11:57:52 +01:00
Andreas Schneider
528b9c5323 cmake: Correctly check for sys/[u]time.h 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2016-11-06 11:52:12 +01:00
Andreas Schneider
fab85b495e cmake: Always check for strtoull 
This fixes building with different compilers on Windows

BUG: https://red.libssh.org/issues/225

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2016-11-06 11:41:48 +01:00
Andreas Schneider
1bf6c965e4 cmake: Correctly check for *snprintf functions on Windows 
BUG: https://red.libssh.org/issues/205

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2016-11-05 16:39:37 +01:00
Justus Winter
f62cded9f0 pki_gcrypt: Handle ECDSA keys and signatures 
* ConfigureChecks.cmake: Set 'HAVE_ECC' and 'HAVE_GCRYPT_ECC' if
applicable.
* include/libssh/pki.h (struct ssh_key_struct): Fix type of field
'ecdsa'.
(struct ssh_signature_struct): Likewise for 'ecdsa_sig'.
* src/pki.c (ssh_pki_key_ecdsa_name): Relax guard now that the used
function is also provided by the gcrypt backend.
(ssh_signature_free): Free ecdsa signature.
* src/pki_gcrypt.c (ECDSA_HEADER_{BEGIN,END}): New macros.
(privatekey_string_to_buffer): Handle ECDSA keys.
(pki_key_ecdsa_to_nid): New function.
(pki_key_ecdsa_nid_to_gcrypt_name): Likewise.
(pki_key_ecdsa_nid_to_name): Likewise.
(pki_key_ecdsa_nid_to_char): Likewise.
(pki_key_ecdsa_nid_from_name): Implement.
(asn1_oi_to_nid): New function.
(b64decode_ecdsa_privatekey): Likewise.
(pki_private_key_from_base64): Handle ECDSA keys.
(pki_pubkey_build_ecdsa): Implement.
(pki_key_dup): Handle ECDSA keys.
(pki_key_generate): Likewise.
(pki_key_generate_ecdsa): Implement.
(pki_key_compare): Handle ECDSA keys.
(pki_publickey_to_blob): Likewise.
(pki_signature_from_blob): Likewise.
(pki_signature_verify): Likewise.
(pki_do_sign): Likewise.
(pki_do_sign_sessionid): Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2016-11-03 15:20:30 +01:00
Andreas Schneider
2384236849 cmake: Try to fix FindArgp module 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2016-03-17 10:42:52 +01:00
Aris Adamantiadis
5027627344 cmake: detect argp.h on osx 2016-03-14 22:27:06 +01:00
pouete
b3ad6a015b cmake: use check_symbol for (v)snprintf 
Updated how snprintf and vsnprintf are discovered by cmake. Visual studio
2015 now include it in the file stdio.h.
More information here :
https://msdn.microsoft.com/en-us/library/bb531344.aspx

Reviewed-By: Aris Adamantiadis <aris@0xbadc0de.be>
 2015-12-30 19:51:11 +01:00
Sebastián Peyrott
be36586d74 CMake: include CheckIncludeFiles for calls to check_include_files. 2015-12-24 13:01:37 +01:00
Andreas Schneider
21bf499bb4 agent: Fix agent auth on big endian machines 
BUG: https://red.libssh.org/issues/204

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-10-20 17:16:38 +02:00
Aris Adamantiadis
0409a302bb cmake: fix EVP detection with gcc 2015-09-25 12:00:25 +02:00
Aris Adamantiadis
84a85803b4 crypto: old-fashioned aes_ctr when evp_aes_ctr is missing 2015-09-25 11:51:45 +02:00
Andreas Schneider
613b71b385 cmake: Fix OpenSSL detection in non-standard path 
This should fix the detection on Windows.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-07-03 11:38:58 +02:00
Andreas Schneider
70cc11618a cmake: Fail if can't find OpenSSL aes and des headers 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-07-03 10:51:36 +02:00
Andreas Schneider
195f25cfbd cmake: Detect network function correctly on Windows 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-04-10 13:32:09 +02:00
Andreas Schneider
b1cb8de385 cmake: Check for sys/param.h header file 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-04-10 13:07:12 +02:00
Andreas Schneider
69c9cd029f cmake: Check for arpa/inet.h header file 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-04-10 13:02:56 +02:00
Andreas Schneider
dbe7df7571 cmake: Detect __func__ and __FUNCTION__ during configure step 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-04-02 13:41:02 +02:00
Aris Adamantiadis
a653e27a2e buffer: detect compilers not supporting __VA_ARGS__ 2015-02-08 18:49:02 +01:00
Andreas Schneider
8536cd9808 cmake: Fix ntohll and htonll macro detection. 
BUG: https://red.libssh.org/issues/164

Thanks to Ryan Schmidt!

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-01-13 08:53:42 +01:00
Andreas Schneider
b7b535816d libcrypto: Fix Windows build with ssh_reseed(). 
gettimeofday() is not available on Windows and we need it only in case
of forking.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2014-12-17 19:39:18 +01:00