diff options
Diffstat (limited to 'libssh')
41 files changed, 602 insertions, 265 deletions
diff --git a/libssh/CMakeLists.txt b/libssh/CMakeLists.txt index 2c5c7232..5998bc50 100644 --- a/libssh/CMakeLists.txt +++ b/libssh/CMakeLists.txt @@ -71,6 +71,13 @@ if (WITH_GSSAPI) find_package(GSSAPI) endif (WITH_GSSAPI) +if (WITH_NACL) + find_package(NaCl) + if (NOT NACL_FOUND) + set(WITH_NACL OFF) + endif (NOT NACL_FOUND) +endif (WITH_NACL) + # config.h checks include(ConfigureChecks.cmake) configure_file(config.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/config.h) @@ -125,6 +132,7 @@ message(STATUS "********** ${PROJECT_NAME} build options : **********") message(STATUS "zlib support: ${WITH_ZLIB}") message(STATUS "libgcrypt support: ${WITH_GCRYPT}") +message(STATUS "libnacl support: ${WITH_NACL}") message(STATUS "SSH-1 support: ${WITH_SSH1}") message(STATUS "SFTP support: ${WITH_SFTP}") message(STATUS "Server support : ${WITH_SERVER}") diff --git a/libssh/ConfigureChecks.cmake b/libssh/ConfigureChecks.cmake index 1c89c4c7..472fe79e 100644 --- a/libssh/ConfigureChecks.cmake +++ b/libssh/ConfigureChecks.cmake @@ -50,6 +50,7 @@ check_include_file(argp.h HAVE_ARGP_H) check_include_file(pty.h HAVE_PTY_H) check_include_file(termios.h HAVE_TERMIOS_H) check_include_file(unistd.h HAVE_UNISTD_H) +check_include_file(util.h HAVE_UTIL_H) if (WIN32) check_include_files("winsock2.h;ws2tcpip.h;wspiapi.h" HAVE_WSPIAPI_H) @@ -93,6 +94,7 @@ endif (NOT WITH_GCRYPT) # FUNCTIONS +check_function_exists(isblank HAVE_ISBLANK) check_function_exists(strncpy HAVE_STRNCPY) check_function_exists(vsnprintf HAVE_VSNPRINTF) check_function_exists(snprintf HAVE_SNPRINTF) diff --git a/libssh/DefineOptions.cmake b/libssh/DefineOptions.cmake index 756b948a..ab7819a5 100644 --- a/libssh/DefineOptions.cmake +++ b/libssh/DefineOptions.cmake @@ -13,7 +13,7 @@ option(WITH_TESTING "Build with unit tests" OFF) option(WITH_CLIENT_TESTING "Build with client tests; requires a running sshd" OFF) option(WITH_BENCHMARKS "Build benchmarks tools" OFF) option(WITH_EXAMPLES "Build examples" ON) - +option(WITH_NACL "Build with libnacl (curve25519" ON) if (WITH_ZLIB) set(WITH_LIBZ ON) else (WITH_ZLIB) @@ -27,3 +27,7 @@ endif(WITH_BENCHMARKS) if (WITH_TESTING) set(WITH_STATIC_LIB ON) endif (WITH_TESTING) + +if (WITH_NACL) + set(WITH_NACL ON) +endif (WITH_NACL)
\ No newline at end of file diff --git a/libssh/cmake/Modules/DefinePlatformDefaults.cmake b/libssh/cmake/Modules/DefinePlatformDefaults.cmake index 502d936b..77f8a461 100644 --- a/libssh/cmake/Modules/DefinePlatformDefaults.cmake +++ b/libssh/cmake/Modules/DefinePlatformDefaults.cmake @@ -26,3 +26,7 @@ endif (CMAKE_SYSTEM_NAME MATCHES "(Solaris|SunOS)") if (CMAKE_SYSTEM_NAME MATCHES "OS2") set(OS2 TRUE) endif (CMAKE_SYSTEM_NAME MATCHES "OS2") + +if (CMAKE_SYSTEM_NAME MATCHES "Darwin") + set (OSX TRUE) +endif (CMAKE_SYSTEM_NAME MATCHES "Darwin") diff --git a/libssh/config.h.cmake b/libssh/config.h.cmake index f7f8957f..7e8cb6a8 100644 --- a/libssh/config.h.cmake +++ b/libssh/config.h.cmake @@ -20,6 +20,9 @@ /* Define to 1 if you have the <pty.h> header file. */ #cmakedefine HAVE_PTY_H 1 +/* Define to 1 if you have the <util.h> header file. */ +#cmakedefine HAVE_UTIL_H 1 + /* Define to 1 if you have the <termios.h> header file. */ #cmakedefine HAVE_TERMIOS_H 1 @@ -79,6 +82,9 @@ /* Define to 1 if you have the `_vsnprintf_s' function. */ #cmakedefine HAVE__VSNPRINTF_S 1 +/* Define to 1 if you have the `isblank' function. */ +#cmakedefine HAVE_ISBLANK 1 + /* Define to 1 if you have the `strncpy' function. */ #cmakedefine HAVE_STRNCPY 1 @@ -123,7 +129,6 @@ /* Define to 1 if you have the `pthread' library (-lpthread). */ #cmakedefine HAVE_PTHREAD 1 - /**************************** OPTIONS ****************************/ #cmakedefine HAVE_GCC_THREAD_LOCAL_STORAGE 1 @@ -155,6 +160,9 @@ /* Define to 1 if you want to enable calltrace debug output */ #cmakedefine DEBUG_CALLTRACE 1 +/* Define to 1 if you want to enable NaCl support */ +#cmakedefine WITH_NACL 1 + /*************************** ENDIAN *****************************/ /* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most diff --git a/libssh/doc/doxy.config.in b/libssh/doc/doxy.config.in index 276a2611..4da9b2c9 100644 --- a/libssh/doc/doxy.config.in +++ b/libssh/doc/doxy.config.in @@ -1628,7 +1628,7 @@ INCLUDE_FILE_PATTERNS = # undefined via #undef or recursively expanded use the := operator # instead of the = operator. -PREDEFINED = +PREDEFINED = WITH_SERVER WITH_SFTP WITH_PCAP # If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then # this tag can be used to specify a list of macro names that should be expanded. diff --git a/libssh/doc/mainpage.dox b/libssh/doc/mainpage.dox index 5fb695a6..70f774ad 100644 --- a/libssh/doc/mainpage.dox +++ b/libssh/doc/mainpage.dox @@ -19,7 +19,7 @@ the interesting functions as you go. The libssh library provides: - - <strong>Key Exchange Methods</strong>: <i>ecdh-sha2-nistp256</i>, diffie-hellman-group1-sha1, diffie-hellman-group14-sha1 + - <strong>Key Exchange Methods</strong>: <i>curve25519-sha256@libssh.org, ecdh-sha2-nistp256</i>, diffie-hellman-group1-sha1, diffie-hellman-group14-sha1 - <strong>Hostkey Types</strong>: <i>ecdsa-sha2-nistp256</i>, ssh-dss, ssh-rsa - <strong>Ciphers</strong>: <i>aes256-ctr, aes192-ctr, aes128-ctr</i>, aes256-cbc (rijndael-cbc@lysator.liu.se), aes192-cbc, aes128-cbc, 3des-cbc, des-cbc-ssh1, blowfish-cbc, none - <strong>Compression Schemes</strong>: zlib, <i>zlib@openssh.com</i>, none @@ -184,6 +184,8 @@ It was later modified and expanded by the following RFCs. Authentication and Key Exchange for the Secure Shell (SSH) Protocol - <a href="http://tools.ietf.org/html/rfc4716" target="_blank">RFC 4716</a>, The Secure Shell (SSH) Public Key File Format + - <a href="http://tools.ietf.org/html/rfc5647" target="_blank">RFC 5647</a>, + AES Galois Counter Mode for the Secure Shell Transport Layer Protocol - <a href="http://tools.ietf.org/html/rfc5656" target="_blank">RFC 5656</a>, Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer @@ -203,6 +205,12 @@ do the same in libssh. @subsection main-rfc-extensions Secure Shell Extensions +The libssh project has an extension to support Curve25519 which is also supported by +the OpenSSH project. + + - <a href="" target="_blank">curve25519-sha256@libssh.org</a>, + Curve25519-SHA256 for ECDH KEX + The OpenSSH project has defined some extensions to the protocol. We support some of them like the statvfs calls in SFTP or the ssh-agent. diff --git a/libssh/doc/sftp.dox b/libssh/doc/sftp.dox index 97f9afbb..8b7c7e1a 100644 --- a/libssh/doc/sftp.dox +++ b/libssh/doc/sftp.dox @@ -210,52 +210,63 @@ results to come. Synchronous read is done with sftp_read(). -The following example prints the contents of remote file "/etc/profile". For -each 1024 bytes of information read, it waits until the end of the read operation: +Files are normally transferred in chunks. A good chunk size is 16 KB. The following +example transfers the remote file "/etc/profile" in 16 KB chunks. For each chunk we +request, sftp_read blocks till the data has been received: @code +// Good chunk size +#define MAX_XFER_BUF_SIZE 16384 + int sftp_read_sync(ssh_session session, sftp_session sftp) { int access_type; sftp_file file; - char buffer[1024]; - int nbytes, rc; + char buffer[MAX_XFER_BUF_SIZE]; + int nbytes, nwritten, rc; + int fd; access_type = O_RDONLY; file = sftp_open(sftp, "/etc/profile", access_type, 0); - if (file == NULL) - { - fprintf(stderr, "Can't open file for reading: %s\n", - ssh_get_error(session)); - return SSH_ERROR; + if (file == NULL) { + fprintf(stderr, "Can't open file for reading: %s\n", + ssh_get_error(session)); + return SSH_ERROR; } - nbytes = sftp_read(file, buffer, sizeof(buffer)); - while (nbytes > 0) - { - if (write(1, buffer, nbytes) != nbytes) - { - sftp_close(file); + fd = open("/path/to/profile", O_CREAT); + if (fd < 0) { + fprintf(stderr, "Can't open file for writing: %s\n", + strerror(errno)); return SSH_ERROR; - } - nbytes = sftp_read(file, buffer, sizeof(buffer)); } - if (nbytes < 0) - { - fprintf(stderr, "Error while reading file: %s\n", - ssh_get_error(session)); - sftp_close(file); - return SSH_ERROR; + for (;;) { + nbytes = sftp_read(file, buffer, sizeof(buffer)); + if (nbytes == 0) { + break; // EOF + } else if (nbytes < 0) { + fprintf(stderr, "Error while reading file: %s\n", + ssh_get_error(session)); + sftp_close(file); + return SSH_ERROR; + } + + nwritten = write(fd, buf, nbytes); + if (nwritten != nbytes) { + fprintf(stderr, "Error writing: %s\n", + strerror(errno)); + sftp_close(file); + return SSH_ERROR; + } } rc = sftp_close(file); - if (rc != SSH_OK) - { - fprintf(stderr, "Can't close the read file: %s\n", - ssh_get_error(session)); - return rc; + if (rc != SSH_OK) { + fprintf(stderr, "Can't close the read file: %s\n", + ssh_get_error(session)); + return rc; } return SSH_OK; @@ -274,11 +285,14 @@ The example below reads a very big file in asynchronous, nonblocking, mode. Each time the data are not ready yet, a counter is incrementer. @code +// Good chunk size +#define MAX_XFER_BUF_SIZE 16384 + int sftp_read_async(ssh_session session, sftp_session sftp) { int access_type; sftp_file file; - char buffer[1024]; + char buffer[MAX_XFER_BUF_SIZE]; int async_request; int nbytes; long counter; @@ -287,8 +301,7 @@ int sftp_read_async(ssh_session session, sftp_session sftp) access_type = O_RDONLY; file = sftp_open(sftp, "some_very_big_file", access_type, 0); - if (file == NULL) - { + if (file == NULL) { fprintf(stderr, "Can't open file for reading: %s\n", ssh_get_error(session)); return SSH_ERROR; @@ -298,27 +311,31 @@ int sftp_read_async(ssh_session session, sftp_session sftp) async_request = sftp_async_read_begin(file, sizeof(buffer)); counter = 0L; usleep(10000); - if (async_request >= 0) + if (async_request >= 0) { nbytes = sftp_async_read(file, buffer, sizeof(buffer), async_request); - else nbytes = -1; - while (nbytes > 0 || nbytes == SSH_AGAIN) - { - if (nbytes > 0) - { + } else { + nbytes = -1; + } + + while (nbytes > 0 || nbytes == SSH_AGAIN) { + if (nbytes > 0) { write(1, buffer, nbytes); async_request = sftp_async_read_begin(file, sizeof(buffer)); + } else { + counter++; } - else counter++; usleep(10000); - if (async_request >= 0) + + if (async_request >= 0) { nbytes = sftp_async_read(file, buffer, sizeof(buffer), async_request); - else nbytes = -1; + } else { + nbytes = -1; + } } - if (nbytes < 0) - { + if (nbytes < 0) { fprintf(stderr, "Error while reading file: %s\n", ssh_get_error(session)); sftp_close(file); @@ -328,8 +345,7 @@ int sftp_read_async(ssh_session session, sftp_session sftp) printf("The counter has reached value: %ld\n", counter); rc = sftp_close(file); - if (rc != SSH_OK) - { + if (rc != SSH_OK) { fprintf(stderr, "Can't close the read file: %s\n", ssh_get_error(session)); return rc; diff --git a/libssh/examples/CMakeLists.txt b/libssh/examples/CMakeLists.txt index fc1c9341..c155e097 100644 --- a/libssh/examples/CMakeLists.txt +++ b/libssh/examples/CMakeLists.txt @@ -11,9 +11,9 @@ include_directories( ${CMAKE_BINARY_DIR} ) -if (BSD OR SOLARIS) +if (BSD OR SOLARIS OR OSX) find_package(Argp) -endif (BSD OR SOLARIS) +endif (BSD OR SOLARIS OR OSX) if (UNIX AND NOT WIN32) add_executable(libssh_scp libssh_scp.c ${examples_SRCS}) @@ -28,7 +28,7 @@ if (UNIX AND NOT WIN32) if (WITH_SERVER) if (HAVE_LIBUTIL) add_executable(samplesshd-tty samplesshd-tty.c) - target_link_libraries(samplesshd-tty ${LIBSSH_SHARED_LIBRARY} util) + target_link_libraries(samplesshd-tty ${LIBSSH_SHARED_LIBRARY} ${ARGP_LIBRARIES} util) endif (HAVE_LIBUTIL) endif (WITH_SERVER) diff --git a/libssh/examples/knownhosts.c b/libssh/examples/knownhosts.c index 37c0ba4e..5097cd93 100644 --- a/libssh/examples/knownhosts.c +++ b/libssh/examples/knownhosts.c @@ -34,14 +34,26 @@ int verify_knownhost(ssh_session session){ int state; char buf[10]; unsigned char *hash = NULL; - int hlen; + size_t hlen; + ssh_key srv_pubkey; + int rc; state=ssh_is_server_known(session); - hlen = ssh_get_pubkey_hash(session, &hash); - if (hlen < 0) { - return -1; + rc = ssh_get_publickey(session, &srv_pubkey); + if (rc < 0) { + return -1; } + + rc = ssh_get_publickey_hash(srv_pubkey, + SSH_PUBLICKEY_HASH_SHA1, + &hash, + &hlen); + ssh_key_free(srv_pubkey); + if (rc < 0) { + return -1; + } + switch(state){ case SSH_SERVER_KNOWN_OK: break; /* ok */ diff --git a/libssh/examples/samplesshd-tty.c b/libssh/examples/samplesshd-tty.c index 7ed70d3d..83b75648 100644 --- a/libssh/examples/samplesshd-tty.c +++ b/libssh/examples/samplesshd-tty.c @@ -25,8 +25,12 @@ clients must be made or how a client should react. #include <string.h> #include <stdio.h> #include <poll.h> +#ifdef HAVE_PTY_H #include <pty.h> - +#endif +#ifdef HAVE_UTIL_H +#include <util.h> +#endif #define SSHD_USER "libssh" #define SSHD_PASSWORD "libssh" diff --git a/libssh/include/libssh/callbacks.h b/libssh/include/libssh/callbacks.h index 131e8229..a841f2e5 100644 --- a/libssh/include/libssh/callbacks.h +++ b/libssh/include/libssh/callbacks.h @@ -166,7 +166,7 @@ typedef struct ssh_callbacks_struct *ssh_callbacks; * @param user User that wants to authenticate * @param password Password used for authentication * @param userdata Userdata to be passed to the callback function. - * @returns SSH_AUTH_OK Authentication is accepted. + * @returns SSH_AUTH_SUCCESS Authentication is accepted. * @returns SSH_AUTH_PARTIAL Partial authentication, more authentication means are needed. * @returns SSH_AUTH_DENIED Authentication failed. */ @@ -179,7 +179,7 @@ typedef int (*ssh_auth_password_callback) (ssh_session session, const char *user * @param session Current session handler * @param user User that wants to authenticate * @param userdata Userdata to be passed to the callback function. - * @returns SSH_AUTH_OK Authentication is accepted. + * @returns SSH_AUTH_SUCCESS Authentication is accepted. * @returns SSH_AUTH_PARTIAL Partial authentication, more authentication means are needed. * @returns SSH_AUTH_DENIED Authentication failed. */ @@ -191,7 +191,7 @@ typedef int (*ssh_auth_none_callback) (ssh_session session, const char *user, vo * @param user Username of the user (can be spoofed) * @param principal Authenticated principal of the user, including realm. * @param userdata Userdata to be passed to the callback function. - * @returns SSH_AUTH_OK Authentication is accepted. + * @returns SSH_AUTH_SUCCESS Authentication is accepted. * @returns SSH_AUTH_PARTIAL Partial authentication, more authentication means are needed. * @returns SSH_AUTH_DENIED Authentication failed. * @warning Implementations should verify that parameter user matches in some way the principal. @@ -209,7 +209,7 @@ typedef int (*ssh_auth_gssapi_mic_callback) (ssh_session session, const char *us * SSH_PUBLICKEY_STATE_VALID if the signature is valid. Others values should be * replied with a SSH_AUTH_DENIED. * @param userdata Userdata to be passed to the callback function. - * @returns SSH_AUTH_OK Authentication is accepted. + * @returns SSH_AUTH_SUCCESS Authentication is accepted. * @returns SSH_AUTH_PARTIAL Partial authentication, more authentication means are needed. * @returns SSH_AUTH_DENIED Authentication failed. */ diff --git a/libssh/include/libssh/curve25519.h b/libssh/include/libssh/curve25519.h index 004210cb..35e25be0 100644 --- a/libssh/include/libssh/curve25519.h +++ b/libssh/include/libssh/curve25519.h @@ -26,15 +26,23 @@ #ifdef WITH_NACL -#define HAVE_CURVE25519 #include <nacl/crypto_scalarmult_curve25519.h> #define CURVE25519_PUBKEY_SIZE crypto_scalarmult_curve25519_BYTES #define CURVE25519_PRIVKEY_SIZE crypto_scalarmult_curve25519_SCALARBYTES +#define crypto_scalarmult_base crypto_scalarmult_curve25519_base +#define crypto_scalarmult crypto_scalarmult_curve25519 +#else + +#define CURVE25519_PUBKEY_SIZE 32 +#define CURVE25519_PRIVKEY_SIZE 32 +int crypto_scalarmult_base(unsigned char *q, const unsigned char *n); +int crypto_scalarmult(unsigned char *q, const unsigned char *n, const unsigned char *p); +#endif /* WITH_NACL */ +#define HAVE_CURVE25519 typedef unsigned char ssh_curve25519_pubkey[CURVE25519_PUBKEY_SIZE]; typedef unsigned char ssh_curve25519_privkey[CURVE25519_PRIVKEY_SIZE]; -#endif /* WITH_NACL */ int ssh_client_curve25519_init(ssh_session session); int ssh_client_curve25519_reply(ssh_session session, ssh_buffer packet); diff --git a/libssh/include/libssh/libcrypto.h b/libssh/include/libssh/libcrypto.h index 54c78b16..5cf2da28 100644 --- a/libssh/include/libssh/libcrypto.h +++ b/libssh/include/libssh/libcrypto.h @@ -38,6 +38,11 @@ typedef SHA_CTX* SHACTX; typedef SHA256_CTX* SHA256CTX; typedef MD5_CTX* MD5CTX; typedef HMAC_CTX* HMACCTX; +#ifdef HAVE_ECC +typedef EVP_MD_CTX *EVPCTX; +#else +typedef void *EVPCTX; +#endif #define SHA_DIGEST_LEN SHA_DIGEST_LENGTH #ifdef MD5_DIGEST_LEN diff --git a/libssh/include/libssh/libgcrypt.h b/libssh/include/libssh/libgcrypt.h index 54982063..c1844a53 100644 --- a/libssh/include/libssh/libgcrypt.h +++ b/libssh/include/libssh/libgcrypt.h @@ -29,6 +29,7 @@ typedef gcry_md_hd_t SHACTX; typedef gcry_md_hd_t MD5CTX; typedef gcry_md_hd_t HMACCTX; +typedef void *EVPCTX; #define SHA_DIGEST_LENGTH 20 #define SHA_DIGEST_LEN SHA_DIGEST_LENGTH #define MD5_DIGEST_LEN 16 diff --git a/libssh/include/libssh/libssh.h b/libssh/include/libssh/libssh.h index a451620e..3833adcd 100644 --- a/libssh/include/libssh/libssh.h +++ b/libssh/include/libssh/libssh.h @@ -208,10 +208,14 @@ enum ssh_publickey_state_e { SSH_PUBLICKEY_STATE_WRONG=2 }; -/* status flags */ +/* Status flags */ +/** Socket is closed */ #define SSH_CLOSED 0x01 +/** Reading to socket won't block */ #define SSH_READ_PENDING 0x02 +/** Session was closed due to an error */ #define SSH_CLOSED_ERROR 0x04 +/** Output buffer not empty */ #define SSH_WRITE_PENDING 0x08 enum ssh_server_known_e { @@ -408,8 +412,20 @@ LIBSSH_API socket_t ssh_get_fd(ssh_session session); LIBSSH_API char *ssh_get_hexa(const unsigned char *what, size_t len); LIBSSH_API char *ssh_get_issue_banner(ssh_session session); LIBSSH_API int ssh_get_openssh_version(ssh_session session); + LIBSSH_API int ssh_get_publickey(ssh_session session, ssh_key *key); -LIBSSH_API int ssh_get_pubkey_hash(ssh_session session, unsigned char **hash); + +enum ssh_publickey_hash_type { + SSH_PUBLICKEY_HASH_SHA1, + SSH_PUBLICKEY_HASH_MD5 +}; +LIBSSH_API int ssh_get_publickey_hash(const ssh_key key, + enum ssh_publickey_hash_type type, + unsigned char **hash, + size_t *hlen); + +SSH_DEPRECATED LIBSSH_API int ssh_get_pubkey_hash(ssh_session session, unsigned char **hash); + LIBSSH_API int ssh_get_random(void *where,int len,int strong); LIBSSH_API int ssh_get_version(ssh_session session); LIBSSH_API int ssh_get_status(ssh_session session); diff --git a/libssh/include/libssh/pki.h b/libssh/include/libssh/pki.h index 96bacd52..89a0f982 100644 --- a/libssh/include/libssh/pki.h +++ b/libssh/include/libssh/pki.h @@ -60,6 +60,7 @@ struct ssh_key_struct { struct ssh_signature_struct { enum ssh_keytypes_e type; + const char *type_c; #ifdef HAVE_LIBGCRYPT gcry_sexp_t dsa_sig; gcry_sexp_t rsa_sig; diff --git a/libssh/include/libssh/priv.h b/libssh/include/libssh/priv.h index 43f749bb..d8176d90 100644 --- a/libssh/include/libssh/priv.h +++ b/libssh/include/libssh/priv.h @@ -67,7 +67,9 @@ # define strcasecmp _stricmp # define strncasecmp _strnicmp -# define isblank(ch) ((ch) == ' ' || (ch) == '\t' || (ch) == '\n' || (ch) == '\r') +# if ! defined(HAVE_ISBLANK) +# define isblank(ch) ((ch) == ' ' || (ch) == '\t' || (ch) == '\n' || (ch) == '\r') +# endif # define usleep(X) Sleep(((X)+1000)/1000) @@ -153,6 +155,16 @@ int gettimeofday(struct timeval *__p, void *__t); #include <sys/time.h> #endif +/* + * get rid of deprecacy warnings on OSX when using OpenSSL + */ +#if defined(__APPLE__) + #ifdef MAC_OS_X_VERSION_MIN_REQUIRED + #undef MAC_OS_X_VERSION_MIN_REQUIRED + #endif + #define MAC_OS_X_VERSION_MIN_REQUIRED MAC_OS_X_VERSION_10_6 +#endif + /* forward declarations */ struct ssh_common_struct; struct ssh_kex_struct; @@ -252,7 +264,7 @@ int match_hostname(const char *host, const char *pattern, unsigned int len); /** Overwrite the buffer with '\0' */ # define BURN_BUFFER(x, size) do { \ if ((x) != NULL) \ - memset((x), '\0', (size))); __asm__ volatile("" : : "r"(&(x)) : "memory"); \ + memset((x), '\0', (size)); __asm__ volatile("" : : "r"(&(x)) : "memory"); \ } while(0) #else /* HAVE_GCC_VOLATILE_MEMORY_PROTECTION */ /** Overwrite a string with '\0' */ @@ -263,7 +275,7 @@ int match_hostname(const char *host, const char *pattern, unsigned int len); /** Overwrite the buffer with '\0' */ # define BURN_BUFFER(x, size) do { \ if ((x) != NULL) \ - memset((x), '\0', (size))); __asm__ volatile("" : : "r"(&(x)) : "memory"); \ + memset((x), '\0', (size)); __asm__ volatile("" : : "r"(&(x)) : "memory"); \ } while(0) #endif /* HAVE_GCC_VOLATILE_MEMORY_PROTECTION */ diff --git a/libssh/include/libssh/wrapper.h b/libssh/include/libssh/wrapper.h index 90c268d9..7374a88a 100644 --- a/libssh/include/libssh/wrapper.h +++ b/libssh/include/libssh/wrapper.h @@ -53,6 +53,9 @@ void sha1(unsigned char *digest,int len,unsigned char *hash); void sha256(unsigned char *digest, int len, unsigned char *hash); void evp(int nid, unsigned char *digest, int len, unsigned char *hash, unsigned int *hlen); +EVPCTX evp_init(int nid); +void evp_update(EVPCTX ctx, const void *data, unsigned long len); +void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen); ssh_mac_ctx ssh_mac_ctx_init(enum ssh_mac_e type); void ssh_mac_update(ssh_mac_ctx ctx, const void *data, unsigned long len); diff --git a/libssh/src/CMakeLists.txt b/libssh/src/CMakeLists.txt index b4046805..83435d0c 100644 --- a/libssh/src/CMakeLists.txt +++ b/libssh/src/CMakeLists.txt @@ -115,6 +115,7 @@ set(libssh_SRCS client.c config.c connect.c + curve25519.c dh.c ecdh.c error.c @@ -204,12 +205,12 @@ if (WITH_GSSAPI AND GSSAPI_FOUND) ) endif (WITH_GSSAPI AND GSSAPI_FOUND) -if (WITH_NACL) +if (NOT WITH_NACL) set(libssh_SRCS ${libssh_SRCS} - curve25519.c + curve25519_ref.c ) -endif (WITH_NACL) +endif (NOT WITH_NACL) include_directories( ${LIBSSH_PUBLIC_INCLUDE_DIRS} diff --git a/libssh/src/auth.c b/libssh/src/auth.c index de7965d2..6664c203 100644 --- a/libssh/src/auth.c +++ b/ |