Previously, the mbed TLS implementation wouldn't be use at all when
available, being the internal implementation always used instead.
This corrects few bugs and makes the mbed TLS implementation to be used
when ChaCha20 and Poly1305 are available.
This also makes the constant time comparison to be used when checking
the authentication tag.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
OpenSSL 1.0.1 has support for CTR & GCM modes so the checks here are no
longer needed. This allows for a bunch of additional cleanup of the old
code.
As for old MacOS versions etc, LibreSSL is a kind of compatibility layer
there but things already don't work anyway with that, so it doesn't
break anything that isn't already broken. OpenSSL is needed on MacOS
separately anyway (like installed with Homebrew).
Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
CRYPTO_THREADID_set_callback is available since 1.0.1 which is the
oldest supported version. This means the check and compatibility code
can be removed.
Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Since OpenSSL 1.0.1 is the minimum version, this function is always
available so no compatibility check is needed anymore.
Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
The build currently breaks when attempting to link libssh.so using a statically-linked OpenSSL. -ldl and -lpthread are required when linking a binary with the static libcrypto.a. The OPENSSL_CRYPTO_LIBRARY does not include these dependencies when linking against static OpenSSL. OPENSSL_CRYPTO_LIBRARIES contains the correct dependencies in both static and shared configurations; -ldl and -lpthread are not required when linking against shared libcrypto.so.
This change changes all uses of OPENSSL_CRYPTO_LIBRARY to OPENSSL_CRYPTO_LIBRARIES to let the FindOpenSSL CMake module always provide the correct libraries at link time.
Signed-off-by: Kevin Kane <kkane@microsoft.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
The build currently breaks when attempting to link libssh.so using a
statically-linked OpenSSL. -ldl and -lpthread are required when linking
a binary with the static libcrypto.a. The OPENSSL_CRYPTO_LIBRARY does
not include these dependencies when linking against static OpenSSL.
OPENSSL_CRYPTO_LIBRARIES contains the correct dependencies in both
static and shared configurations; -ldl and -lpthread are not required
when linking against shared libcrypto.so.
This change changes all uses of OPENSSL_CRYPTO_LIBRARY to
OPENSSL_CRYPTO_LIBRARIES to let the FindOpenSSL CMake module always
provide the correct libraries at link time.
Signed-off-by: Kevin Kane <kkane@microsoft.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Ensure that it is not possible to enable it back with mbedTLS
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Libgcrypt has supported ChaCha20 and Poly1305 since 1.7.0 version and
provides fast assembler implementations.
v3:
- initialize pointers to NULL
- use 'bool' for chacha20_poly1305_keysched.initialized
- pass error codes from libgcrypt calls to variable
- add SSH_LOG on error paths
v2:
- use braces for one-line blocks
- use UNUSED_PARAM/UNUSED_VAR instead of cast to void
- use calloc instead of malloc+memset
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
It is possible for OpenSSL to have the type EVP_PKEY_ED25519 in
openssl/evp.h, but not the single shot functions EVP_DigestSign() and
EVP_DigestVerify() which are required to generate Ed25519 signatures.
Only switch to use OpenSSL Ed25519 implementation when OpenSSL have all
required types and functions.
Fixes: T197
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Use the newer APIs EVP_DigestSign{Init}() and EVP_DigestVerify{Init}()
to generate and verify signatures instead of the older EVP_Sign{Init,
Update, Final} and EVP_Verify{Init, Update, Final} if supported.
Also use the single shot signature/verification if supported as all the
input is provided at once.
This is a preparation to use Ed25519 implementation from OpenSSL.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
LibreSSL does not support FIPS mode, check for FIPS_mode() in
ConfigureChecks.cmake.
Signed-off-by: Stefan Strogin <steils@gentoo.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Cleanup the KDF function to use only one function per crypto backend.
Improve the KDF function to properly handle requested lenght and to
avoid unnecessarily reallocating buffers.
In OpenSSL use the new EVP_KDF API if available.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Buffer (un)packing was broken on compilers that are not
gcc-compatible since the checks for an argument count of
-1 have been removed from ssh_buffer_(un)pack(). This
fix no longer uses GCC extensions for the __VA_NARG__
macro, but only plain C99.
Note: The macro can no longer count empty argument lists
(results in compile error) which was not needed anyway.
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This completely removes the tests filter code from torture.c and calls
cmocka_set_test_filter() instead, if available. The checks for required
libraries, headers, and the availability of cmocka_set_test_filter()
were added to the cmake configuration.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Valgrind detects many uninitialized memory false positives from
libcrypto's AES-NI internals. Roll back to software AES when running
tests.
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
The commit also propares the internals throughout the code base
for the inclusion of a new AEAD cipher, because previously, the
source code counted only with chacha20-poly1305 cipher, which
is very specific in many cases.
The SSH_HMAC_AEAD_GCM mac algorithm is not actually used, but the name
needed to be defined so we can match in the algorithms selection per
OpenSSH specification (MACs are ignored in case GCM is select as a cipher [1]).
If the provided OpenSSL does not provide EVP_aes_128_gcm() function,
the AES-GCM ciphers will not be compiled in.
[1] https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.chacha20poly1305?annotate=HEAD
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Fix the build for mbedTLS:
* set HAVE_CHACHA for non-mbedTLS builds
* only compile chachapoly.c when HAVE_CHACHA
* use empty CHACHA20 in src/kex.c unless HAVE_CHACHA
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Useful on Windows platforms where SecureZeroMemory is available.
Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Summary:
This patch adds support for mbedTLS as a crypto backend for libssh.
mbedTLS is an SSL/TLS library that has been designed to mainly be used
in embedded systems. It is loosely coupled and has a low memory
footprint. mbedTLS also provides a cryptography library (libmbedcrypto)
that can be used without the TLS modules.
The patch is unfortunately quite big, since several new files had to
be added.
DSA is disabled at compile time, since mbedTLS doesn't support DSA
Patch review and feedback would be appreciated, and if any issues or
suggestions appear, I'm willing to work on them.
Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
Test Plan:
* The patch has been tested with a Debug and MinSizeRel build, with
libssh unit tests, client tests and the pkd tests.
* All the tests have been run with valgrind's memcheck, drd and helgrind
tools.
* The examples/samplessh client works when built with the patch.
Reviewers: asn, aris
Subscribers: simonsj
Differential Revision: https://bugs.libssh.org/D1
