ports/libssh
ports/libssh
1
1
Форкнуть 0
Код Релизы 1 Активность
4 208 коммитов 3 Ветки 1 Тег 7,9 MiB
60037f3275
Граф коммитов

68 Коммитов

Автор SHA1 Сообщение Дата
Jakub Jelen
46090facba libcrypto: Implement OpenSSH-compatible AES-GCM ciphers using OpenSSL 
The commit also propares the internals throughout the code base
for the inclusion of a new AEAD cipher, because previously, the
source code counted only with chacha20-poly1305 cipher, which
is very specific in many cases.

The SSH_HMAC_AEAD_GCM mac algorithm is not actually used, but the name
needed to be defined so we can match in the algorithms selection per
OpenSSH specification (MACs are ignored in case GCM is select as a cipher [1]).

If the provided OpenSSL does not provide  EVP_aes_128_gcm()  function,
the AES-GCM ciphers will not be compiled in.

[1] https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.chacha20poly1305?annotate=HEAD

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-10-09 12:05:40 +02:00
Andreas Schneider
2e8f2f03e7 cmake: Correctly detect if glob has gl_flags member 
Thanks to Baruch Siach.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-09-17 10:48:49 +02:00
Andreas Schneider
247983e982 misc: Add strndup implementation if not provides by the OS 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-08-29 19:04:44 +02:00
Andreas Schneider
dbce0e5228 cmake: Fix PACKAGE and VERSION in config.h 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-08-13 13:44:58 +02:00
Andreas Schneider
4c058aefd9 cmake: Detect constructor and destructor attributes 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-08-13 09:21:17 +02:00
Andreas Schneider
206f3ff895 Rest in Peace SSHv1 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2018-06-29 14:41:14 +02:00
Andreas Schneider
bed60f9b84 kex: Enable chacha20-poly1304 KEX with mbedtls 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-06-29 11:41:22 +02:00
Jon Simons
c089b700c6 chacha: fix build for mbedTLS 
Fix the build for mbedTLS:
 * set HAVE_CHACHA for non-mbedTLS builds
 * only compile chachapoly.c when HAVE_CHACHA
 * use empty CHACHA20 in src/kex.c unless HAVE_CHACHA

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-06-28 09:06:30 +02:00
Aris Adamantiadis
ebd76bf347 cmake: detect "bounded" compiler attribute 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-06-28 09:06:30 +02:00
Aris Adamantiadis
acc1ade74a external: Add ChaCha and Poly1305 implementations from OpenSSH 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-06-28 09:06:30 +02:00
Aris Adamantiadis
c6ee41bff3 cmake: add WITH_PACKET_DEBUG option 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-06-04 16:55:18 +02:00
Alberto Aguirre
7e1e0e5098 misc: Use SecureZeroMemory if available for explicit_bzero 
Useful on Windows platforms where SecureZeroMemory is available.

Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-03-11 22:58:49 +01:00
Alberto Aguirre
3fa0e3959c misc: Use memset_s if available for explicit_bzero 
Useful on OSX where memset_s is available.

Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-03-11 22:58:13 +01:00
Andreas Schneider
ebcff9fd63 src: Use explicit_bzero() if available on the platform 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-02-12 14:41:27 +01:00
Juraj Vijtiuk
778652460f add mbedtls crypto support 
Summary:
This patch adds support for mbedTLS as a crypto backend for libssh.
mbedTLS is an SSL/TLS library that has been designed to mainly be used
in embedded systems.  It is loosely coupled and has a low memory
footprint.  mbedTLS also provides a cryptography library (libmbedcrypto)
that can be used without the TLS modules.
The patch is unfortunately quite big, since several new files had to
be added.
DSA is disabled at compile time, since mbedTLS doesn't support DSA
Patch review and feedback would be appreciated, and if any issues or
suggestions appear, I'm willing to work on them.

Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>

Test Plan:
* The patch has been tested with a Debug and MinSizeRel build, with
libssh unit tests, client tests and the pkd tests.
* All the tests have been run with valgrind's memcheck, drd and helgrind
tools.
* The examples/samplessh client works when built with the patch.

Reviewers: asn, aris

Subscribers: simonsj

Differential Revision: https://bugs.libssh.org/D1
 2017-12-28 11:17:39 +01:00
Jakub Jelen
b8e301ade3 config: Add CMake check for glob() 2017-12-21 11:43:19 +01:00
Andreas Schneider
a9846ccc0d cmake: Add check for fallthrough attribute 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2017-08-25 10:06:00 +02:00
Andreas Schneider
c7e9dc2ee3 cmake: Check for EVP_CIPHER_CTX_new 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2017-02-23 16:54:26 +01:00
Andreas Schneider
3daf1760a1 cmake: Use configure check for CRYPTO_ctr128_encrypt 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2016-11-07 11:46:47 +01:00
Andreas Schneider
2dff359a33 threads: Use new API call for OpenSSL CRYPTO THREADID 
BUG: https://red.libssh.org/issues/222

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2016-11-07 11:46:47 +01:00
Andreas Schneider
5d1a8cd88b cmake: Check for io.h on Windows 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2016-11-06 11:57:52 +01:00
Andreas Schneider
528b9c5323 cmake: Correctly check for sys/[u]time.h 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2016-11-06 11:52:12 +01:00
Aris Adamantiadis
84a85803b4 crypto: old-fashioned aes_ctr when evp_aes_ctr is missing 2015-09-25 11:51:45 +02:00
Andreas Schneider
c4af6fbce3 config: Add missing HAVE_ARPA_INET_H define 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-04 10:04:26 +02:00
Andreas Schneider
dbe7df7571 cmake: Detect __func__ and __FUNCTION__ during configure step 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-04-02 13:41:02 +02:00
Aris Adamantiadis
a653e27a2e buffer: detect compilers not supporting __VA_ARGS__ 2015-02-08 18:49:02 +01:00
Andreas Schneider
b7b535816d libcrypto: Fix Windows build with ssh_reseed(). 
gettimeofday() is not available on Windows and we need it only in case
of forking.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2014-12-17 19:39:18 +01:00
Audrius Butkevicius
afe97d6cab examples: Add ssh_server_fork example 
Signed-off-by: Audrius Butkevicius <audrius.butkevicius@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2014-02-16 17:52:50 +01:00
Audrius Butkevicius
00949383f4 config: Add missing HAVE_LIBUTIL_H define in config.h 
Signed-off-by: Audrius Butkevicius <audrius.butkevicius@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2014-02-16 17:45:47 +01:00
Aris Adamantiadis
ebf4a03908 examples: fix forktty() warning on OSX 2013-11-03 14:10:04 +01:00
Aris Adamantiadis
f565aeebfa Compile libssh with nacl if possible 
Conflicts:
	DefineOptions.cmake
 2013-11-03 13:18:26 +01:00
Andreas Schneider
cfea381307 cmake: Check for isblank(). 2013-10-30 17:30:07 +01:00
Andreas Schneider
df81a05505 cmake: Check for unistd.h. 2013-07-23 10:44:51 +02:00
Andreas Schneider
1829e9981b cmake: Check for HAVE_GCC_VOLATILE_MEMORY_PROTECTION. 
This ensures that the memset call is not optimized out by the compiler
(works works with gcc and clang).
 2013-07-23 10:44:39 +02:00
Andreas Schneider
8ff6a7a850 cmake: Check for _strtoui64() on Windows. 2013-07-22 13:01:36 +02:00
Andreas Schneider
73309f19e5 cmake: Check if we have Thread Local Storage support. 2013-07-14 12:36:35 +02:00
Andreas Schneider
1663917f71 cmake: Make GSSAPI optional. 2013-07-13 15:48:49 +02:00
Andreas Schneider
b14df297fa BUG 97: Fix strtoull() detection on serveral platforms. 2012-12-03 14:00:06 +01:00
Andreas Schneider
3896aa43ff BUG 96: Guard ntohll() and htonll prototypes correctly. 2012-12-03 13:44:02 +01:00
Andreas Schneider
3e83bc665f cmake: Enable ECC support for GCrypt 1.5.0 or newer. 2012-02-04 20:25:07 +01:00
Andreas Schneider
fa37965ab0 cmake: Add a define to see if we have ecc support. 2012-02-04 18:37:04 +01:00
Andreas Schneider
6859e4f4ec build: Fix zlib support. 2011-09-23 22:57:21 +02:00
Andreas Schneider
dc42a1757f gzip: Fix zlib support. 2011-09-18 21:37:18 +02:00
Andreas Schneider
85d12f6774 cmake: Add ec.h and ecdsa.h checks. 2011-08-30 00:44:46 +02:00
Aris Adamantiadis
c5a998f47a [crypto] initial support for ecdh-sha2-nistp256 
Works with openssl
Still requires work for libgcrypt and other modes
 2011-06-13 13:46:34 +02:00
Andreas Schneider
640e3830f2 build: Check for ntohll(). 
This function is available on AIX.
 2011-06-06 18:56:30 +02:00
Andreas Schneider
8b73609e47 cmake: Remove unused regcomp check. 2011-05-25 22:09:41 +02:00
Andreas Schneider
07fb895fe9 cmake: Fix detection of clock_gettime. 2011-05-25 22:08:31 +02:00
Andreas Schneider
b4c62ac9ea server: Replace gethostbyname() with getaddrinfo(). 
Fixes rlo#13.
 2010-12-27 21:51:55 +01:00
Andreas Schneider
f97928c740 build: Fixed checking for printf function on Windows. 2010-09-02 11:50:21 +02:00