aboutsummaryrefslogtreecommitdiff
path: root/config.h.cmake
AgeCommit message (Collapse)AuthorFilesLines
2021-01-11Cleanup AES compatibility codeDirkjan Bussink1-12/+0
OpenSSL 1.0.1 has support for CTR & GCM modes so the checks here are no longer needed. This allows for a bunch of additional cleanup of the old code. As for old MacOS versions etc, LibreSSL is a kind of compatibility layer there but things already don't work anyway with that, so it doesn't break anything that isn't already broken. OpenSSL is needed on MacOS separately anyway (like installed with Homebrew). Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2021-01-11Remove no longer needed compatibility checkDirkjan Bussink1-3/+0
CRYPTO_THREADID_set_callback is available since 1.0.1 which is the oldest supported version. This means the check and compatibility code can be removed. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2021-01-11Remove no longer needed compatibility functionDirkjan Bussink1-3/+0
Since OpenSSL 1.0.1 is the minimum version, this function is always available so no compatibility check is needed anymore. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-05-05Add basic support for none cipher and MACsJakub Jelen1-0/+3
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-01-23Implement ChaCha20-poly1305 cipher using native OpenSSLJakub Jelen1-0/+6
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-20cmake: Add new option for PKCS11 URI supportSahana Prasad1-0/+3
Signed-off-by: Sahana Prasad <sahana@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-16libgcrypt: Implement chacha20-poly1305@openssh.com cipher using libgcryptJussi Kivilinna1-0/+3
Libgcrypt has supported ChaCha20 and Poly1305 since 1.7.0 version and provides fast assembler implementations. v3: - initialize pointers to NULL - use 'bool' for chacha20_poly1305_keysched.initialized - pass error codes from libgcrypt calls to variable - add SSH_LOG on error paths v2: - use braces for one-line blocks - use UNUSED_PARAM/UNUSED_VAR instead of cast to void - use calloc instead of malloc+memset Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-09-24cmake: Detect OpenSSL X25519 supportAnderson Toshiyuki Sasaki1-0/+3
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-09-24cmake: Detect OpenSSL support for Ed25519Anderson Toshiyuki Sasaki1-0/+3
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-09-24pki_crypto: Use EVP_DigestSign* and EVP_DigestVerify*Anderson Toshiyuki Sasaki1-0/+6
Use the newer APIs EVP_DigestSign{Init}() and EVP_DigestVerify{Init}() to generate and verify signatures instead of the older EVP_Sign{Init, Update, Final} and EVP_Verify{Init, Update, Final} if supported. Also use the single shot signature/verification if supported as all the input is provided at once. This is a preparation to use Ed25519 implementation from OpenSSL. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-07-04libcrypto: fix compilation with LibreSSLStefan Strogin1-0/+3
LibreSSL does not support FIPS mode, check for FIPS_mode() in ConfigureChecks.cmake. Signed-off-by: Stefan Strogin <steils@gentoo.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-07-04cmake: Use GNUInstallDirs for installationAndreas Schneider1-4/+0
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-05-14cmake,options: Allow to set global client config fileAnderson Toshiyuki Sasaki1-0/+3
This allows the global client (ssh_session) configuration file path to be set in configuration time by defining GLOBAL_CLIENT_CONFIG when calling cmake. If it is not defined, the default path is set as "/etc/ssh/ssh_config". usage example: $ cmake -DGLOBAL_CLIENT_CONFIG=/etc/my/custom/path .. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-04-01cmake,options: Allow to set global bind config fileAnderson Toshiyuki Sasaki1-0/+3
This allows the global bind configuration file path to be set in configuration time by defining the GLOBAL_BIND_CONFIG when calling cmake. If no value is defined, the default path is set as "/etc/ssh/libssh_server_config". usage example: $ cmake -DGLOBAL_BIND_CONFIG=/etc/my/custom/path .. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-03-07Use a common KDF functionSimo Sorce1-0/+3
Cleanup the KDF function to use only one function per crypto backend. Improve the KDF function to properly handle requested lenght and to avoid unnecessarily reallocating buffers. In OpenSSL use the new EVP_KDF API if available. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-21buffer: Fix regression introduced by 6c7eaa and c306a6Tilo Eckert1-1/+0
Buffer (un)packing was broken on compilers that are not gcc-compatible since the checks for an argument count of -1 have been removed from ssh_buffer_(un)pack(). This fix no longer uses GCC extensions for the __VA_NARG__ macro, but only plain C99. Note: The macro can no longer count empty argument lists (results in compile error) which was not needed anyway. Signed-off-by: Tilo Eckert <tilo.eckert@flam.de> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-02-07Allow building without Group Exchange supportJakub Jelen1-0/+3
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-12-19crypto: Disable blowfish support by defaultAndreas Schneider1-0/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2018-11-30include: Add macro for unused arguments and variablesAndreas Schneider1-0/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-28tests: Replace tests filtering with cmocka builtin filterAnderson Toshiyuki Sasaki1-0/+6
This completely removes the tests filter code from torture.c and calls cmocka_set_test_filter() instead, if available. The checks for required libraries, headers, and the availability of cmocka_set_test_filter() were added to the cmake configuration. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-21libcrypto: disable AES-NI engine when running inside valgrindAris Adamantiadis1-0/+6
Valgrind detects many uninitialized memory false positives from libcrypto's AES-NI internals. Roll back to software AES when running tests. Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-09libcrypto: Implement OpenSSH-compatible AES-GCM ciphers using OpenSSLJakub Jelen1-0/+3
The commit also propares the internals throughout the code base for the inclusion of a new AEAD cipher, because previously, the source code counted only with chacha20-poly1305 cipher, which is very specific in many cases. The SSH_HMAC_AEAD_GCM mac algorithm is not actually used, but the name needed to be defined so we can match in the algorithms selection per OpenSSH specification (MACs are ignored in case GCM is select as a cipher [1]). If the provided OpenSSL does not provide EVP_aes_128_gcm() function, the AES-GCM ciphers will not be compiled in. [1] https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.chacha20poly1305?annotate=HEAD Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17cmake: Correctly detect if glob has gl_flags memberAndreas Schneider1-0/+3
Thanks to Baruch Siach. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-29misc: Add strndup implementation if not provides by the OSAndreas Schneider1-0/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-13cmake: Fix PACKAGE and VERSION in config.hAndreas Schneider1-2/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-13cmake: Detect constructor and destructor attributesAndreas Schneider1-0/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-29Rest in Peace SSHv1Andreas Schneider1-3/+0
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2018-06-29kex: Enable chacha20-poly1304 KEX with mbedtlsAndreas Schneider1-3/+0
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28chacha: fix build for mbedTLSJon Simons1-0/+3
Fix the build for mbedTLS: * set HAVE_CHACHA for non-mbedTLS builds * only compile chachapoly.c when HAVE_CHACHA * use empty CHACHA20 in src/kex.c unless HAVE_CHACHA Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28cmake: detect "bounded" compiler attributeAris Adamantiadis1-0/+2
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28external: Add ChaCha and Poly1305 implementations from OpenSSHAris Adamantiadis1-0/+3
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-04cmake: add WITH_PACKET_DEBUG optionAris Adamantiadis1-0/+3
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-11misc: Use SecureZeroMemory if available for explicit_bzeroAlberto Aguirre1-0/+3
Useful on Windows platforms where SecureZeroMemory is available. Signed-off-by: Alberto Aguirre <albaguirre@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-11misc: Use memset_s if available for explicit_bzeroAlberto Aguirre1-0/+3
Useful on OSX where memset_s is available. Signed-off-by: Alberto Aguirre <albaguirre@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-02-12src: Use explicit_bzero() if available on the platformAndreas Schneider1-0/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-28add mbedtls crypto supportJuraj Vijtiuk1-0/+6
Summary: This patch adds support for mbedTLS as a crypto backend for libssh. mbedTLS is an SSL/TLS library that has been designed to mainly be used in embedded systems. It is loosely coupled and has a low memory footprint. mbedTLS also provides a cryptography library (libmbedcrypto) that can be used without the TLS modules. The patch is unfortunately quite big, since several new files had to be added. DSA is disabled at compile time, since mbedTLS doesn't support DSA Patch review and feedback would be appreciated, and if any issues or suggestions appear, I'm willing to work on them. Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr> Test Plan: * The patch has been tested with a Debug and MinSizeRel build, with libssh unit tests, client tests and the pkd tests. * All the tests have been run with valgrind's memcheck, drd and helgrind tools. * The examples/samplessh client works when built with the patch. Reviewers: asn, aris Subscribers: simonsj Differential Revision: https://bugs.libssh.org/D1
2017-12-21config: Add CMake check for glob()Jakub Jelen1-0/+6
2017-08-25cmake: Add check for fallthrough attributeAndreas Schneider1-0/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-02-23cmake: Check for EVP_CIPHER_CTX_newAndreas Schneider1-0/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-07cmake: Use configure check for CRYPTO_ctr128_encryptAndreas Schneider1-0/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-07threads: Use new API call for OpenSSL CRYPTO THREADIDAndreas Schneider1-0/+3
BUG: https://red.libssh.org/issues/222 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-06cmake: Check for io.h on WindowsAndreas Schneider1-0/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-06cmake: Correctly check for sys/[u]time.hAndreas Schneider1-0/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-09-25crypto: old-fashioned aes_ctr when evp_aes_ctr is missingAris Adamantiadis1-0/+6
2015-05-04config: Add missing HAVE_ARPA_INET_H defineAndreas Schneider1-0/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-04-02cmake: Detect __func__ and __FUNCTION__ during configure stepAndreas Schneider1-0/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-02-08buffer: detect compilers not supporting __VA_ARGS__Aris Adamantiadis1-0/+1
2014-12-17libcrypto: Fix Windows build with ssh_reseed().Andreas Schneider1-0/+3
gettimeofday() is not available on Windows and we need it only in case of forking. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2014-02-16examples: Add ssh_server_fork exampleAudrius Butkevicius1-0/+3
Signed-off-by: Audrius Butkevicius <audrius.butkevicius@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-02-16config: Add missing HAVE_LIBUTIL_H define in config.hAudrius Butkevicius1-0/+3
Signed-off-by: Audrius Butkevicius <audrius.butkevicius@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>