path: root/src/crypto

Commit message / Author / Date

* clang-format Mosh (Benjamin Barenblat, 2023-08-07)

  Run clang-format over the Mosh source tree. This is a large change and has been factored into its own commit for auditability. Reproduce it with

      find . -name \*.cc -or -name \*.h | while read f; do clang-format -i --style=file $f; done

* Add a clang-format file and prepare for clang-formatting (Benjamin Barenblat, 2023-08-07)

  Create .clang-format to describe the current C++ style used in Mosh. Mark one carefully-formatted array with `// clang-format off`. Also turn off clang-format in src/crypto/ocb_internal.cc, since it was imported almost wholesale from another project and is written in a style different from the rest of Mosh.

* Switch to C++ versions of standard C headers (Alex Chernyakhovsky, 2023-07-30)

* Remove using-declarations for std:: types (Alex Chernyakhovsky, 2023-07-30)

* Switch to fully-qualified #include (Alex Chernyakhovsky, 2023-07-30)

  Previously, mosh used extensive -I flags and all of the mosh-local makes it really hard to tell what the proper dependency graph is, so instead remove the -I arguments in favor of $(top_srcdir) and qualify the paths wherever they are used.

* OCB: Use OpenSSL EVP instead of deprecated AES (Benjamin Barenblat, 2022-06-27)

  Replace calls to AES_* APIs, which were deprecated in OpenSSL 3, with calls to EVP_* APIs.

  Closes: https://github.com/mobile-shell/mosh/issues/1174

* Stop using deprecated Nettle functions (Alex Chernyakhovsky, 2022-06-27)

  Previously, ocb_internal.cc supported different key sizes, by way of the deprecated aes_* function family. However, in practice, mosh always uses AES-128. In Nettle, the explicit key-size APIs are not deprecated, so switch to AES-128 directly.

  Fixes: 1202

* OCB: Heap-allocate keys (Benjamin Barenblat, 2022-06-27)

  The OpenSSL EVP API requires that keys be heap-allocated, so switch _ae_ctx to use pointers to keys and opaque allocation functions.

  Bug: https://github.com/mobile-shell/mosh/issues/1174

* OCB: Make primitive AES API explicit (Benjamin Barenblat, 2022-06-27)

  Explicitly define the primitive AES API used by the internal OCB implementation, and move it into its own namespace (ocb_aes). This will ease future implementation changes.

  Also make some style fixes to affected lines: Replace C-style casts with C++-style casts, add some missing spaces in argument lists, and remove some `inline` that the compiler will ignore.

  Bug: https://github.com/mobile-shell/mosh/issues/1174

* Delete unused ROUNDS macro (Benjamin Barenblat, 2022-06-27)

  This macro was used in the reference and AES-NI AES implementations, both of which were deleted in a563093f16be3fca2127224d5c6db36db60c79ca.

* Add nettle to the CI matrix (Alex Chernyakhovsky, 2022-06-27)

* Go back to internal OCB implementation (Benjamin Barenblat, 2022-06-22)

  After further discussion, the Mosh maintainers have decided to stick with the internal OCB implementation for this release. Restore support for using OpenSSL’s AES but internal OCB. To make this commit easy to audit, restore the code exactly, including calls to AES functions that are deprecated in OpenSSL 3; a future commit will update ocb_internal.cc to use EVP instead of directly calling the AES primitives.

  In anticipation of future changes, preserve support for OpenSSL’s AES-OCB, but don’t compile it in. Add --with-crypto-library=openssl-with-openssl-ocb and --with-crypto-library=openssl-with-internal-ocb options to configure so that developers can easily test Mosh using OpenSSL’s AES-OCB. These options are intended only for testing, are undocumented, and are not subject to any API stability guarantees.

  Rework configure to look for all possible cryptography libraries first and then dispatch on --with-crypto-library as appropriate.

* Use OpenSSL native OCB-AES implementation (Alex Chernyakhovsky, 2022-06-13)

  OpenSSL 3.0 deprecated many of the functions that ocb.cc used to implement OCB-AES, causing a build failure when -Wdeprecated collided with -Werror. Debian temporarily fixed this by suppressing the error in #1191. Since mosh 1.4 will be the next stable release of mosh, it should not depend on deprecated functions in OpenSSL.

  Since version 1.1.0, OpenSSL natively supports OCB-AES through the EVP_CIPHER API. @cgull started early support for this in #924. This change extends upon the previous work by @cgull in a few ways:

  * EVP_CipherInit_ex is called in ae_init to set up the EVP_CIPHER_CTX. It is later called in ae_encrypt and ae_decrypt just to load the nonce (IV in OpenSSL EVP parlance), which reduces the amount of initialization done per-packet. However, due to OpenSSL API limitations, two copies of the EVP_CIPHER_CTX are kept: one for encryption, and one for decryption.
  * Adds missing support for an external tag, rather than just one appended to the ciphertext.
  * Support for non-default-sized tags as well as some improved error handling.

  Note that this change raises the minimum OpenSSL version for Mosh to 1.1.0. OpenSSL does not provide security support for versions prior to 1.1 at this time, so this is in principle a reasonable dependency. If we want to continue to support distributions (such as RHEL7) which continue to be supported by their vendor but use an unsupported OpenSSL, then some future work will have to restore the ocb.cc implementation that uses the deprecated functions.

  Bugs: #1174

* Separate OpenSSL-based OCB implementation from others (Benjamin Barenblat, 2022-06-06)

  Split src/crypto/ocb.cc into two files – one containing the AES-OCB implementation backed by OpenSSL, and the other containing implementations backed by Apple Common Crypto and Nettle. This paves the way for a new OpenSSL implementation that uses OpenSSL 1.1’s OCB support directly, rather than one that merely uses OpenSSL to provide the underlying block cipher.

  Remove support for rijndael-alg-fst.c and compiler-provided AES intrinsics, since they’re not in use anymore. (Mosh can still use hardware-accelerated AES if it’s available; it just now relies exclusively on the underlying cryptography library to accelerate AES if possible.)

  Update the build system to conditionally compile in either ocb_openssl.cc or ocb_internal.cc, depending on which cryptography library you pass to ./configure.

  To make this commit easy to audit, ocb_openssl.cc and ocb_internal.cc are trivially diffable against ocb.cc (now deleted). Expected diffs consist of a copyright notice update, a preprocessor check to ensure the appropriate cryptography implementation has been selected, and deletions to remove code that’s no longer in use. This does mean a substantial amount of code is duplicated between ocb_openssl.cc and ocb_internal.cc; however, ocb_openssl.cc should be completely replaced soon, so it won’t be an issue in the long term.

  Bug: https://github.com/mobile-shell/mosh/issues/1174

* Revert "Remove redundant malloc/free" (Alex Chernyakhovsky, 2022-05-30)

  This reverts commit 6321b1d9c50b202e1823ba62ea8e47f6b08bdb2e.

  The original commit 6321b1d9c50b202e1823ba62ea8e47f6b08bdb2e switched from a malloc call of a 22400 byte buffer to a stack-allocated 22400 byte buffer, in addition to the fairly large buffers already allocated in the functions. Some systems have fairly small stack frames, making this 22K allocation potentially dangerous.

  On my stock Debian bullseye system, I have 200809 bytes (from `getconf _POSIX_THREAD_ATTR_STACKSIZE`); a 22400 byte buffer already represents about 10% of the available stacksize. Other systems, such as those with musl libc, may have either 80KiB or 128KiB [1], making this allocation represent between 18% to 28% of the available stack space.

  [1] https://wiki.musl-libc.org/functional-differences-from-glibc.html#Thread-stack-size

* Add support for generating coverage reports (Alex Chernyakhovsky, 2022-05-30)

  This change adds autoconf/automake support for building all of mosh with gcov, and generates an lcov html report. This allows seeing which parts of the source tree have good test coverage, and which can be shored up.

  Eventually, it would be good to hook this up to Github Actions to be generated automatically.

* Some more namespace hygiene for "using decl;". (John Hood, 2018-08-15)

* Remove "using namespace std;". (John Hood, 2018-08-15)

* Remove redundant malloc/free (John Hood, 2017-08-02)

* Handle GCC 7's new -Wimplicit-fallthrough. (John Hood, 2017-01-31)

* Memory Alignment issues on ARM processors (Carlos Cabanero, 2017-01-05)

  ARM architectures do not perform unaligned memory access efficiently, and in the case of ARMv7 and iOS it completely breaks. The OCB algorithm dereferences a uint64x2_t pointer, and is replaced by a memcpy to avoid penalties when trying to align it.

  More info https://brewx.qualcomm.com/bws/content/gi/common/appseng/en/knowledgebase/docs/kb95.html

* Use a table lookup for base64 decode (John Hood, 2016-10-29)

* Use old AppleCommonCrypto name for AES (John Hood, 2016-09-25)

* Coverity fixes: tainted/unbounded array index (John Hood, 2016-05-10)

* crypto.cc: prefer bswap64() and ffs() if available. (john hood, 2016-05-08)

  Fixes #745.

* Handle zero-length allocations in AlignedBuffer. (John Hood, 2016-03-31)

* Remove redundant stringification for decrypt(). (John Hood, 2016-03-30)

* Do not throw from destructors, fatal_assert() instead. (John Hood, 2016-03-30)

* Factor encrypt/decrypt out of Network::Message. (John Hood, 2016-03-30)

* Const correctness and const-ref in Crypto and elsewhere. (John Hood, 2016-03-30)

* Use a secure counter for OCB's nonce. Protect nonce in Network::Packet. (John Hood, 2016-03-30)

* Various fixes for Illumos Hipster 20151003. (John Hood, 2016-03-30)

* Support different IPv4 and IPv6 MTUs. (John Hood, 2015-11-29)

  Closes #688.

* base64: remove a timing variation (John Hood, 2015-10-20)

* Add configurable support for Apple Common Crypto and Nettle libraries. (John Hood, 2015-10-16)

* Replace OpenSSL base64 impl with a simple direct impl. (John Hood, 2015-10-16)

  Unit tests, too.

* Enable altivec on ppc64el (John Hood, 2015-06-11)

  From http://launchpadlibrarian.net/171225681/mosh_1.2.4a-1build1_1.2.4a-1ubuntu1.diff.gz

  Fixes #615.

* ocb.cc: Mark local functions as static (John Hood, 2015-06-07)

  This fixes the broken i386 build (aka generic code). Untested on __ALTIVEC__ and __ARM_NEON__.

  Signed-off-by: John Hood <cgull@glup.org>

* base64: Make base64_encode declaration consistent with its definition (Anders Kaseorg, 2015-06-04)

  Signed-off-by: Anders Kaseorg <andersk@mit.edu>

* Base64Key: Deduplicate PRNG code (Anders Kaseorg, 2015-06-04)

  Signed-off-by: Anders Kaseorg <andersk@mit.edu>

* Style cleanup: "foo &x", not "foo& x" (Geoffrey Thomas, 2015-06-04)

* Make all exception classes inherit from std::exception (Geoffrey Thomas, 2015-06-04)

  This refactors out a very common pattern of formatting "%s: %s" with e.function.c_str() and strerror( e.the_errno ) into just the what() method of NetworkException.

  It's also a prerequisite for making cleaner public API for any exceptions we throw, and allows us to more easily get exceptions passed back to us to handle.

* clang/arm fixup for FreeBSD-CURRENT (John Hood, 2015-05-25)

* ocb: fix gcc4.8 compiling problem with __ARM_NEON__ (Pasi Sjöholm, 2015-02-03)

  Fixes following problem when compiling mosh with gcc4.8 and __ARM_NEON__ defined by using -121 instead of 135.

      ocb.cc: In function 'block double_block(block)':
      ocb.cc:263:56: error: narrowing conversion of '135' from 'int' to '__builtin_neon_qi' inside { } is ill-formed in C++11 [-Werror=narrowing]

  Signed-off-by: Pasi Sjöholm <pasi.sjoholm@jollamobile.com>

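Two of the commits in this log touch the same routine from different directions: the ARM alignment fix (replace a dereferenced uint64x2_t pointer with memcpy) and the gcc 4.8 narrowing fix (write the OCB reduction constant 0x87 as the signed byte -121 so it fits a NEON int8 lane). The following is an added, portable C example of that routine, OCB's GF(2^128) "double", written by the editor; it is not Mosh's ocb.cc and does not use NEON. The doubling rule (shift left by one bit, XOR 0x87 into the low byte if the bit shifted out was 1) is OCB's standard definition; the function names ocb_double_block and ocb_double_selftest, the load_be64/store_be64 helpers, and the known-answer vectors are the editor's own.

```c
/* Added example (editor's code, not Mosh's): the OCB "double" operation over
 * GF(2^128), written to sidestep the two portability problems the log records.
 * The 16-byte block is loaded with memcpy rather than by dereferencing an
 * aligned vector pointer (the ARM fix), and the reduction constant is carried
 * as the signed byte -121, whose bit pattern is 0x87 (the gcc 4.8 fix). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 0x87 = x^7 + x^2 + x + 1, the low byte of OCB's reduction polynomial.
 * As an int8_t (the lane type of a NEON int8x16_t) the same bits read as
 * -121, which is why the commit substituted that value for 135. */
static const int8_t OCB_POLY_LOW_BYTE = -121;

/* Explicit big-endian (un)packing; no reliance on be64toh/betoh64/OSSwap*. */
static uint64_t load_be64(const uint8_t p[8]) {
    uint64_t v = 0;
    for (int i = 0; i < 8; i++) v = (v << 8) | p[i];
    return v;
}
static void store_be64(uint8_t p[8], uint64_t v) {
    for (int i = 7; i >= 0; i--) { p[i] = (uint8_t)(v & 0xff); v >>= 8; }
}

/* dst = 2 * src in GF(2^128): shift the 128-bit big-endian value left by one
 * and, if the bit shifted out was 1, XOR 0x87 into the low byte.
 * src and dst may point anywhere, aligned or not, and may overlap. */
void ocb_double_block(const uint8_t *src, uint8_t *dst) {
    uint8_t tmp[16];
    memcpy(tmp, src, sizeof tmp);            /* alignment-safe load */
    uint64_t hi = load_be64(tmp), lo = load_be64(tmp + 8);
    uint64_t carry = hi >> 63;               /* 1 iff the top bit was set */
    hi = (hi << 1) | (lo >> 63);
    lo = (lo << 1) ^ (carry * (uint8_t)OCB_POLY_LOW_BYTE);   /* -121 == 0x87 */
    store_be64(tmp, hi);
    store_be64(tmp + 8, lo);
    memcpy(dst, tmp, sizeof tmp);            /* alignment-safe store */
}

/* Known answers (editor-constructed, derivable by hand from the definition).
 * The input is deliberately placed at byte offset 1 of a buffer so the call
 * exercises an unaligned source. Returns 1 if every vector matches, else 0. */
int ocb_double_selftest(void) {
    static const struct { uint8_t in[16], out[16]; } kat[] = {
        /* top bit set and nothing else: shift out, reduce -> 00..00 87 */
        { {0x80}, {[15] = 0x87} },
        /* no carry: a plain shift */
        { {[15] = 0x01}, {[15] = 0x02} },
        /* all ones: shift gives ff..fe, the carry XORs 0x87 into the low byte */
        { {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
          {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x79} },
    };
    uint8_t raw[1 + 16], out[16];
    for (size_t i = 0; i < sizeof kat / sizeof kat[0]; i++) {
        memcpy(raw + 1, kat[i].in, 16);
        ocb_double_block(raw + 1, out);      /* unaligned source pointer */
        if (memcmp(out, kat[i].out, 16) != 0) return 0;
    }
    return 1;
}

int main(void) {
    int ok = ocb_double_selftest();
    printf("ocb double_block self-test: %s\n", ok ? "ok" : "FAILED");
    return ok ? 0 : 1;
}
```

The memcpy pair is what makes the function safe on the ARMv7/iOS targets the alignment commit names: the compiler is free to turn a 16-byte memcpy into a single (possibly vector) load when it can prove alignment and must fall back to byte access when it cannot, whereas a cast to a uint64x2_t pointer asserts 16-byte alignment that the caller may not provide.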
* use betoh64 if be64toh not found (Jérémie Courrèges-Anglas, 2013-04-16)

  Instead of looking for htobe64, which is available both when be64toh or betoh64 are, check for the latter functions. If we find betoh64 but not be64toh, use compat #defines. If both can't be found, search for OSX' OSSwapHostToBigInt64.

  Also include sys/types.h in byteorder.h (which is necessary for byteorder functions on OpenBSD), and incidentally fixes build of networkfragment.cc.

  Fixes build on OpenBSD

  Signed-off-by: Jérémie Courrèges-Anglas <jca@wxcvbn.org>

* Eliminate ocb.cc test program (closes #408) (Keith Winstein, 2013-03-27)

  This test doesn't return an error on failure and also was triggering a stack protector warning on some platforms. We have an end-to-end test of OCB in src/tests/ocb-aes.cc that seems to work well.

* Nonce::{cc_str,data}: Make const (Anders Kaseorg, 2013-03-10)

  Found by cppcheck.

  Signed-off-by: Anders Kaseorg <andersk@mit.edu>

* PRNG: Read input using C++ (Anders Kaseorg, 2013-03-10)

  In the old code, cppcheck complained about throwing in the destructor, but like, seriously?

  Signed-off-by: Anders Kaseorg <andersk@mit.edu>

* Base64::Base64: Fix exception safety (Anders Kaseorg, 2013-03-10)

  Found by cppcheck.

  Signed-off-by: Anders Kaseorg <andersk@mit.edu>

* Add OCB test program to ‘make check’ (Anders Kaseorg, 2013-03-10)

  Signed-off-by: Anders Kaseorg <andersk@mit.edu>

  Closes #392.