path: root/src/libcrypto.c
Age         Commit message  (author, files changed, lines -removed/+added)
2019-03-13  libcrypto: Add missing includes for modes.h  (Andreas Schneider, 1 file, -0/+5)
    This defines block128_f. Fixes T133.
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-03-07  Use a common KDF function  (Simo Sorce, 1 file, -67/+73)
    Cleanup the KDF function to use only one function per crypto backend. Improve the KDF function to properly handle requested length and to avoid unnecessarily reallocating buffers. In OpenSSL use the new EVP_KDF API if available.
    Signed-off-by: Simo Sorce <simo@redhat.com>
    Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-22  Remove SHA384 HMAC  (Dirkjan Bussink, 1 file, -3/+0)
    This is not supported by OpenSSH and not recommended to be implemented either.
    Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-02-21  crypto: Use uint8_t instead of non-standard u_char  (Tilo Eckert, 1 file, -4/+4)
    Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-01-26  libcrypto: Use size_t for size calculations  (Andreas Schneider, 1 file, -5/+8)
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-11  Fix cleaning up HMAC context for openssl < 1.1 remove old compatibility code for openssl < 0.9.7  (Marcin Szalowicz, 1 file, -10/+3)
    Signed-off-by: Marcin Szalowicz <marcin.szalowicz@oracle.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-12-19  crypto: Disable blowfish support by default  (Andreas Schneider, 1 file, -0/+4)
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2018-11-30  libcrypto: Fix integer comparison in evp_cipher_aead_encrypt()  (Andreas Schneider, 1 file, -1/+1)
    src/libcrypto.c:773:27: warning: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘long unsigned int’} [-Wsign-compare] <--[cc]
         if (rc != 1 || outlen != len - aadlen) {
                               ^~
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-30  crypto: Use size_t for len argument in encrypt and decrypt fn  (Andreas Schneider, 1 file, -14/+24)
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-30  src: Fix multiple typos  (Tilo Eckert, 1 file, -1/+1)
    Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-23  crypto: Avoid unused parameter warnings  (Jakub Jelen, 1 file, -0/+1)
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-21  libcrypto: Fix checking for config.h defines  (Andreas Schneider, 1 file, -1/+1)
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-21  libcrypto: disable AES-NI engine when running inside valgrind  (Aris Adamantiadis, 1 file, -1/+16)
    Valgrind detects many uninitialized memory false positives from libcrypto's AES-NI internals. Roll back to software AES when running tests.
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-21  libcrypto: detect non matching headers/shared lib  (Aris Adamantiadis, 1 file, -0/+7)
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-27  libcrypto: Fix memory leak in evp_final()  (Andreas Schneider, 1 file, -0/+1)
    Fixes T116
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-09  libcrypto: Implement OpenSSH-compatible AES-GCM ciphers using OpenSSL  (Jakub Jelen, 1 file, -0/+247)
    The commit also prepares the internals throughout the code base for the inclusion of a new AEAD cipher, because previously, the source code counted only with chacha20-poly1305 cipher, which is very specific in many cases.
    The SSH_HMAC_AEAD_GCM mac algorithm is not actually used, but the name needed to be defined so we can match in the algorithms selection per OpenSSH specification (MACs are ignored in case GCM is selected as a cipher [1]).
    If the provided OpenSSL does not provide EVP_aes_128_gcm() function, the AES-GCM ciphers will not be compiled in.
    [1] https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.chacha20poly1305?annotate=HEAD
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-09  libcrypto: Do not use magic numbers for AES block size  (Jakub Jelen, 1 file, -9/+9)
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-09  libcrypto: Avoid double free  (Jakub Jelen, 1 file, -1/+0)
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-07-05  crypto: Split init and finalize functions  (Aris Adamantiadis, 1 file, -3/+35)
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-07-05  libcrypto: Use new RAND_priv_bytes() for strong randomness  (Andreas Schneider, 1 file, -0/+7)
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-07-05  crypto: Make sure we check return of ssh_get_random() correctly  (Andreas Schneider, 1 file, -0/+13)
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-07-05  bignum: Harmonize ssh_get_random()  (Aris Adamantiadis, 1 file, -0/+8)
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-30  libcrypto: Fix size printing  (Andreas Schneider, 1 file, -2/+8)
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-30  chachapoly: Use a function instead of an extern variable  (Andreas Schneider, 1 file, -2/+1)
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-29  Rest in Peace SSHv1  (Andreas Schneider, 1 file, -115/+0)
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2018-06-28  chacha: packet encryption  (Aris Adamantiadis, 1 file, -1/+20)
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-02-12  src: Use explicit_bzero() if available on the platform  (Andreas Schneider, 1 file, -2/+2)
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-07-20  libcrypto: add NULL-check for EVP_CIPHER_CTX_cleanup  (Jon Simons, 1 file, -1/+1)
    On OpenSSL versions prior to 1.1.0, `EVP_CIPHER_CTX_cleanup` will dereference its argument regardless of whether it is NULL. This is not a problem on OpenSSL at or beyond 1.1.0, where `EVP_CIPHER_CTX_cleanup` (macro to `EVP_CIPHER_CTX_reset`) returns early upon NULL input.
    Move the call to `EVP_CIPHER_CTX_cleanup` under the existing NULL check in `evp_cipher_cleanup` to avoid the problem.
    Introduced with this build-break fix:
    * e66f370682927ca8bd7ae0e7544754c6f4ac4969
    Found in manual testing in an environment with an older OpenSSL.
    Signed-off-by: Jon Simons <jon@jonsimons.org>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-07-18  wrapper: move EVP_CIPHER_CTX_free call to libcrypto.c  (Jon Simons, 1 file, -0/+3)
    With this change, a HAVE_LIBCRYPTO #ifdef is removed from wrapper.c. Now, the libcrypto-specific logic for EVP_CIPHER_CTX_free is moved into the ssh_cipher_struct cleanup callback handler for those ciphers.
    Signed-off-by: Jon Simons <jon@jonsimons.org>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-07-13  libcrypto: fix resource leak in hmac_final  (Jon Simons, 1 file, -1/+2)
    Fix a resource leak in `hmac_final`: say `HMAC_CTX_free` instead of `HMAC_CTX_reset`. This matches the error handling as done in `hmac_init`.
    Introduced with cf1e808e2ffa1f26644fb5d2cb82a919f323deba.
    The problem is reproducible running the `pkd_hello` test with:
        valgrind --leak-check=full ./pkd_hello -i1 -t torture_pkd_openssh_dsa_rsa_default
    Resolves https://red.libssh.org/issues/252.
    Signed-off-by: Jon Simons <jon@jonsimons.org>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-07  cmake: Use configure check for CRYPTO_ctr128_encrypt  (Andreas Schneider, 1 file, -3/+3)
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-07  libcrypto: Use a pointer for EVP_CIPHER_CTX  (Jakub Jelen, 1 file, -9/+14)
    This has been made opaque and it needs to be a pointer. This is for OpenSSL 1.1.0 support.
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-07  libcrypto: Use a pointer for EVP_MD_CTX  (Jakub Jelen, 1 file, -5/+6)
    This is for OpenSSL 1.1.0 support.
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-07  libcrypto: Use newer API for HMAC  (Jakub Jelen, 1 file, -8/+9)
    This is for OpenSSL 1.1.0 support.
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-07  libcrypto: Remove AES_ctr128_encrypt()  (Jakub Jelen, 1 file, -0/+4)
    This is for OpenSSL 1.1.0.
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-10-22  libcrypto: Fix build with DEBUG_CRYPTO turned on  (Andreas Schneider, 1 file, -15/+18)
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-09-25  crypto: fix broken ifdef  (Aris Adamantiadis, 1 file, -2/+2)
2015-09-25  crypto: old-fashioned aes_ctr when evp_aes_ctr is missing  (Aris Adamantiadis, 1 file, -0/+92)
2015-09-25  SSH1: fix duplicate identifier  (Aris Adamantiadis, 1 file, -1/+1)
2015-09-25  libcrypto: clean up EVP functions  (Aris Adamantiadis, 1 file, -372/+187)
2015-09-24  moved libcrypto structs to c99 notation  (Aris Adamantiadis, 1 file, -113/+81)
2015-09-23  libcrypto: refactor EVP_(de|en)crypt  (Aris Adamantiadis, 1 file, -56/+61)
2015-09-07  crypto: Add OpenSSL EVP functions for FIPS compatibility  (Michael Wilder, 1 file, -143/+409)
    Signed-off-by: Michael Wilder <wilder.michael@cimcor.com>
2014-12-17  libcrypto: Fix Windows build with ssh_reseed().  (Andreas Schneider, 1 file, -0/+5)
    gettimeofday() is not available on Windows and we need it only in case of forking.
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2014-10-02  crypto: check malloc return in ssh_mac_ctx_init  (Jon Simons, 1 file, -1/+5)
    Signed-off-by: Jon Simons <jon@jonsimons.org>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-04-22  Add SHA2 algorithms for HMAC  (Dirkjan Bussink, 1 file, -0/+69)
    BUG: https://red.libssh.org/issues/91
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-03-04  security: fix for vulnerability CVE-2014-0017  (Aris Adamantiadis, 1 file, -0/+9)
    When accepting a new connection, a forking server based on libssh forks and the child process handles the request. The RAND_bytes() function of openssl doesn't reset its state after the fork, but simply adds the current process id (getpid) to the PRNG state, which is not guaranteed to be unique. This can cause several children to end up with same PRNG state which is a security issue.
2013-10-18  wrapper: Add more evp functions.  (Andreas Schneider, 1 file, -0/+24)
2012-09-07  kex: Add simple DES support for SSHv1.  (Dmitriy Kuznetsov, 1 file, -0/+36)
2012-02-04  crypto: Add evp hashing function.  (Andreas Schneider, 1 file, -0/+28)