aboutsummaryrefslogtreecommitdiff
path: root/config.h.cmake
AgeCommit message (Collapse)AuthorFilesLines
2024-01-02Fix typos detected with new codespellJakub Jelen1-1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Sahana Prasad <sahana@redhat.com>
2023-03-01Add support for PKCS#11 provider in OpenSSL 3.0Jakub Jelen1-0/+3
The engine API in OpenSSL 3.0 is deprecated so we are in the progress of working on a PKCS#11 provider for OpenSSL. This commit introduces a conditional build with the pkcs11-provider support (instead of engines) with all the changes required for the provider to work with existing code and tests. The CI modification is only temporary before we will have the real package in Fedora or somewhere to use. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com>
2023-02-02Remove support for DSA KeysMohammad Shehar Yaar Tausif1-3/+0
Solving issue #110. The original work is at !231 Some changes were needed because the newly added features in master through time Signed-off-by: Mohammad Shehar Yaar Tausif <sheharyaar48@gmail.com> Signed-off-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-10-31ConfigureChecks.cmake: Remove implicitly included function checksNorbert Pocs1-18/+0
Removing support for older openssl versions than 1.1.1 makes some functions implicitly included; we do not have to check the availability of these functions. Signed-off-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-10-12Fix various spelling issues reported by codespellJakub Jelen1-3/+3
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2022-08-30cmake: Check for weak attributeAndreas Schneider1-0/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-07-12Change cmake files for new openssl APINorbert Pocs1-2/+2
The new API does not provide EVP_KDF_CTX_new_id function, insted it works with EVP_KDF_CTX_new and fetching the algorithm. Adding a check for both to make it work with the new API too. Signed-off-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2021-01-11Cleanup AES compatibility codeDirkjan Bussink1-12/+0
OpenSSL 1.0.1 has support for CTR & GCM modes so the checks here are no longer needed. This allows for a bunch of additional cleanup of the old code. As for old MacOS versions etc, LibreSSL is a kind of compatibility layer there but things already don't work anyway with that, so it doesn't break anything that isn't already broken. OpenSSL is needed on MacOS separately anyway (like installed with Homebrew). Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2021-01-11Remove no longer needed compatibility checkDirkjan Bussink1-3/+0
CRYPTO_THREADID_set_callback is available since 1.0.1 which is the oldest supported version. This means the check and compatibility code can be removed. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2021-01-11Remove no longer needed compatibility functionDirkjan Bussink1-3/+0
Since OpenSSL 1.0.1 is the minimum version, this function is always available so no compatibility check is needed anymore. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-05-05Add basic support for none cipher and MACsJakub Jelen1-0/+3
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-01-23Implement ChaCha20-poly1305 cipher using native OpenSSLJakub Jelen1-0/+6
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-20cmake: Add new option for PKCS11 URI supportSahana Prasad1-0/+3
Signed-off-by: Sahana Prasad <sahana@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-16libgcrypt: Implement chacha20-poly1305@openssh.com cipher using libgcryptJussi Kivilinna1-0/+3
Libgcrypt has supported ChaCha20 and Poly1305 since 1.7.0 version and provides fast assembler implementations. v3: - initialize pointers to NULL - use 'bool' for chacha20_poly1305_keysched.initialized - pass error codes from libgcrypt calls to variable - add SSH_LOG on error paths v2: - use braces for one-line blocks - use UNUSED_PARAM/UNUSED_VAR instead of cast to void - use calloc instead of malloc+memset Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-09-24cmake: Detect OpenSSL X25519 supportAnderson Toshiyuki Sasaki1-0/+3
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-09-24cmake: Detect OpenSSL support for Ed25519Anderson Toshiyuki Sasaki1-0/+3
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-09-24pki_crypto: Use EVP_DigestSign* and EVP_DigestVerify*Anderson Toshiyuki Sasaki1-0/+6
Use the newer APIs EVP_DigestSign{Init}() and EVP_DigestVerify{Init}() to generate and verify signatures instead of the older EVP_Sign{Init, Update, Final} and EVP_Verify{Init, Update, Final} if supported. Also use the single shot signature/verification if supported as all the input is provided at once. This is a preparation to use Ed25519 implementation from OpenSSL. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-07-04libcrypto: fix compilation with LibreSSLStefan Strogin1-0/+3
LibreSSL does not support FIPS mode, check for FIPS_mode() in ConfigureChecks.cmake. Signed-off-by: Stefan Strogin <steils@gentoo.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-07-04cmake: Use GNUInstallDirs for installationAndreas Schneider1-4/+0
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-05-14cmake,options: Allow to set global client config fileAnderson Toshiyuki Sasaki1-0/+3
This allows the global client (ssh_session) configuration file path to be set in configuration time by defining GLOBAL_CLIENT_CONFIG when calling cmake. If it is not defined, the default path is set as "/etc/ssh/ssh_config". usage example: $ cmake -DGLOBAL_CLIENT_CONFIG=/etc/my/custom/path .. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-04-01cmake,options: Allow to set global bind config fileAnderson Toshiyuki Sasaki1-0/+3
This allows the global bind configuration file path to be set in configuration time by defining the GLOBAL_BIND_CONFIG when calling cmake. If no value is defined, the default path is set as "/etc/ssh/libssh_server_config". usage example: $ cmake -DGLOBAL_BIND_CONFIG=/etc/my/custom/path .. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-03-07Use a common KDF functionSimo Sorce1-0/+3
Cleanup the KDF function to use only one function per crypto backend. Improve the KDF function to properly handle requested lenght and to avoid unnecessarily reallocating buffers. In OpenSSL use the new EVP_KDF API if available. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-21buffer: Fix regression introduced by 6c7eaa and c306a6Tilo Eckert1-1/+0
Buffer (un)packing was broken on compilers that are not gcc-compatible since the checks for an argument count of -1 have been removed from ssh_buffer_(un)pack(). This fix no longer uses GCC extensions for the __VA_NARG__ macro, but only plain C99. Note: The macro can no longer count empty argument lists (results in compile error) which was not needed anyway. Signed-off-by: Tilo Eckert <tilo.eckert@flam.de> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-02-07Allow building without Group Exchange supportJakub Jelen1-0/+3
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-12-19crypto: Disable blowfish support by defaultAndreas Schneider1-0/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2018-11-30include: Add macro for unused arguments and variablesAndreas Schneider1-0/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-28tests: Replace tests filtering with cmocka builtin filterAnderson Toshiyuki Sasaki1-0/+6
This completely removes the tests filter code from torture.c and calls cmocka_set_test_filter() instead, if available. The checks for required libraries, headers, and the availability of cmocka_set_test_filter() were added to the cmake configuration. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-21libcrypto: disable AES-NI engine when running inside valgrindAris Adamantiadis1-0/+6
Valgrind detects many uninitialized memory false positives from libcrypto's AES-NI internals. Roll back to software AES when running tests. Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-09libcrypto: Implement OpenSSH-compatible AES-GCM ciphers using OpenSSLJakub Jelen1-0/+3
The commit also propares the internals throughout the code base for the inclusion of a new AEAD cipher, because previously, the source code counted only with chacha20-poly1305 cipher, which is very specific in many cases. The SSH_HMAC_AEAD_GCM mac algorithm is not actually used, but the name needed to be defined so we can match in the algorithms selection per OpenSSH specification (MACs are ignored in case GCM is select as a cipher [1]). If the provided OpenSSL does not provide EVP_aes_128_gcm() function, the AES-GCM ciphers will not be compiled in. [1] https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.chacha20poly1305?annotate=HEAD Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17cmake: Correctly detect if glob has gl_flags memberAndreas Schneider1-0/+3
Thanks to Baruch Siach. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-29misc: Add strndup implementation if not provides by the OSAndreas Schneider1-0/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-13cmake: Fix PACKAGE and VERSION in config.hAndreas Schneider1-2/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-13cmake: Detect constructor and destructor attributesAndreas Schneider1-0/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-29Rest in Peace SSHv1Andreas Schneider1-3/+0
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2018-06-29kex: Enable chacha20-poly1304 KEX with mbedtlsAndreas Schneider1-3/+0
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28chacha: fix build for mbedTLSJon Simons1-0/+3
Fix the build for mbedTLS: * set HAVE_CHACHA for non-mbedTLS builds * only compile chachapoly.c when HAVE_CHACHA * use empty CHACHA20 in src/kex.c unless HAVE_CHACHA Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28cmake: detect "bounded" compiler attributeAris Adamantiadis1-0/+2
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28external: Add ChaCha and Poly1305 implementations from OpenSSHAris Adamantiadis1-0/+3
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-04cmake: add WITH_PACKET_DEBUG optionAris Adamantiadis1-0/+3
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-11misc: Use SecureZeroMemory if available for explicit_bzeroAlberto Aguirre1-0/+3
Useful on Windows platforms where SecureZeroMemory is available. Signed-off-by: Alberto Aguirre <albaguirre@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-11misc: Use memset_s if available for explicit_bzeroAlberto Aguirre1-0/+3
Useful on OSX where memset_s is available. Signed-off-by: Alberto Aguirre <albaguirre@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-02-12src: Use explicit_bzero() if available on the platformAndreas Schneider1-0/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-28add mbedtls crypto supportJuraj Vijtiuk1-0/+6
Summary: This patch adds support for mbedTLS as a crypto backend for libssh. mbedTLS is an SSL/TLS library that has been designed to mainly be used in embedded systems. It is loosely coupled and has a low memory footprint. mbedTLS also provides a cryptography library (libmbedcrypto) that can be used without the TLS modules. The patch is unfortunately quite big, since several new files had to be added. DSA is disabled at compile time, since mbedTLS doesn't support DSA Patch review and feedback would be appreciated, and if any issues or suggestions appear, I'm willing to work on them. Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr> Test Plan: * The patch has been tested with a Debug and MinSizeRel build, with libssh unit tests, client tests and the pkd tests. * All the tests have been run with valgrind's memcheck, drd and helgrind tools. * The examples/samplessh client works when built with the patch. Reviewers: asn, aris Subscribers: simonsj Differential Revision: https://bugs.libssh.org/D1
2017-12-21config: Add CMake check for glob()Jakub Jelen1-0/+6
2017-08-25cmake: Add check for fallthrough attributeAndreas Schneider1-0/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-02-23cmake: Check for EVP_CIPHER_CTX_newAndreas Schneider1-0/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-07cmake: Use configure check for CRYPTO_ctr128_encryptAndreas Schneider1-0/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-07threads: Use new API call for OpenSSL CRYPTO THREADIDAndreas Schneider1-0/+3
BUG: https://red.libssh.org/issues/222 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-06cmake: Check for io.h on WindowsAndreas Schneider1-0/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-06cmake: Correctly check for sys/[u]time.hAndreas Schneider1-0/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>