
ttssh2: Commit


Commit MetaInfo

Revision9692 (tree)
Time2022-01-17 00:16:19
Authornmaya

Log Message

暗号ライブラリを OpenSSL から LibreSSL に変更

#43469

merge from libressl_3_4_2:
r9623,r9624,r9637,r9648,r9658,r9660,r9676,r9677,r9679,r9680,r9683

Change Summary

Incremental Difference

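--- a/trunk/doc/convtext.bat
+++ b/trunk/doc/convtext.bat
@@ -5,8 +5,8 @@
 %TOSJIS% -i ..\libs\oniguruma\COPYING -o %REF_J%\Oniguruma-LICENSE.txt -l unix
 %TOSJIS% -i ..\libs\oniguruma\doc\RE -o %REF_E%\RE.txt -l unix
 %TOSJIS% -i ..\libs\oniguruma\doc\RE.ja -o %REF_J%\RE.txt -c utf8 -l unix
-%TOSJIS% -i ..\libs\openssl\LICENSE -o %REF_E%\OpenSSL-LICENSE.txt -l unix
-%TOSJIS% -i ..\libs\openssl\LICENSE -o %REF_J%\OpenSSL-LICENSE.txt -l unix
+%TOSJIS% -i ..\libs\libressl\COPYING -o %REF_E%\LibreSSL-LICENSE.txt -l unix
+%TOSJIS% -i ..\libs\libressl\COPYING -o %REF_J%\LibreSSL-LICENSE.txt -l unix
 %TOSJIS% -i ..\libs\putty\LICENCE -o %REF_E%\PuTTY-LICENSE.txt -l crlf
 %TOSJIS% -i ..\libs\putty\LICENCE -o %REF_J%\PuTTY-LICENSE.txt -l crlf
 %TOSJIS% -i ..\libs\SFMT\LICENSE.txt -o %REF_E%\SFMT-LICENSE.txt -l unix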
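--- a/trunk/doc/en/html/about/copyright.html
+++ b/trunk/doc/en/html/about/copyright.html
@@ -29,7 +29,7 @@
 <li><a href="https://github.com/kkos/oniguruma">Oniguruma</a> ... <a href="../reference/Oniguruma-LICENSE.txt">2-clause BSD license</a></li>
 <li><a href="http://www.math.sci.hiroshima-u.ac.jp/m-mat/MT/SFMT/index.html">SFMT</a> ... <a href="../reference/SFMT-LICENSE.txt">3-clause BSD license</a></li>
 <li><a href="https://www.openssh.com">OpenSSH</a> ... <a href="../reference/OpenSSH-LICENSE.txt">BSD style license</a></li>
- <li><a href="https://www.openssl.org">OpenSSL</a> ... <a href="../reference/OpenSSL-LICENSE.txt">Dual(both) license, OpenSSL License(Apache License 1.0) and SSLeay License(4-clause BSD license)</a></li>
+ <li><a href="https://www.libressl.org">LibreSSL</a> ... <a href="../reference/LibreSSL-LICENSE.txt">OpenSSL License(Apache License 1.0)" and "SSLeay License(4-clause BSD license)" and "ISC license" and "public domain"</a></li>
 <li><a href="https://zlib.net">zlib</a> ... <a href="../reference/zlib-LICENSE.txt">zlib License</a></li>
 <li><a href="https://www.chiark.greenend.org.uk/~sgtatham/putty/">PuTTY</a> ... <a href="../reference/PuTTY-LICENSE.txt">MIT License</a></li>
 <li><a href="https://github.com/P-H-C/phc-winner-argon2">The reference C implementation of Argon2</a> ... <a href="../reference/argon2-LICENSE.txt">Creative Commons CC0 1.0 License/Waiver or the Apache License 2.0</a></li>
@@ -153,8 +153,8 @@
 
 Copyright of original TTSSH belongs to Robert O'Callahan.
 Copyright of TTSSH supporting SSH2 belongs to Yutaka Hirata.
- Copyright of OpenSSL belongs to OpenSSL project. Please see <a href="../reference/OpenSSL-LICENSE.txt">OpenSSL-LICENSE.txt</a> for more information about license.
- OpenSSL is linked to this program statically.
+ Copyright of LibreSSL belongs to OpenBSD project. Please see <a href="../reference/LibreSSL-LICENSE.txt">LibreSSL-LICENSE.txt</a> for more information about license.
+ LibreSSL is linked to this program statically.
 Copyright of zlib belongs to Greg Roelofs and Jean-loup Gaill. Please see <a href="../reference/zlib-LICENSE.txt">OpenSSL-LICENSE.txt</a> for more information about license.
 zlib is linked to this program statically.
 Copyright of OpenSSH belongs to each developers. Please see <a href="../reference/OpenSSH-LICENSE.txt">OpenSSH-LICENSE.txt</a> for more information.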
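--- a/trunk/doc/en/html/about/history.html
+++ b/trunk/doc/en/html/about/history.html
@@ -31,7 +31,7 @@
 
 <h2 id="teraterm">Tera Term</h2>
 
-<h3 id="teraterm_5.0">202x.xx.xx (Ver 5.0)</h3>
+<h3 id="teraterm_5.0">2022.xx.xx (Ver 5.0 not released)</h3>
 <ul class="history">
 <li>Changes
 <ul>
@@ -3303,7 +3303,7 @@
 
 <h2 id="ttssh">TTSSH</h2>
 
-<h3 id="ttssh_2.93">202x.x.x (Ver 2.93 not released)</h3>
+<h3 id="ttssh_2.93">2022.xx.xx (Ver 2.93 not released)</h3>
 <ul class="history">
 <!--li>Changes
 <ul>
@@ -3317,6 +3317,7 @@
 
 <li>Misc
 <ul>
+ <li>Changed cryptography library from OpenSSL to LibreSSL 3.4.2.</li>
 <li>Upgraded PuTTY to PuTTY 0.76.</li>
 </ul>
 </li>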
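--- a/trunk/doc/en/html/index.html
+++ b/trunk/doc/en/html/index.html
@@ -142,7 +142,7 @@
 <LI><A HREF="reference/Oniguruma-LICENSE.txt">License of Oniguruma</A></LI>
 <LI><A HREF="reference/SFMT-LICENSE.txt">License of SFMT</A></LI>
 <LI><A HREF="reference/OpenSSH-LICENSE.txt">License of OpenSSH</A></LI>
- <LI><A HREF="reference/OpenSSL-LICENSE.txt">License of OpenSSL</A></LI>
+ <LI><A HREF="reference/LibreSSL-LICENSE.txt">License of LibreSSL</A></LI>
 <LI><A HREF="reference/zlib-LICENSE.txt">License of zlib</A></LI>
 <LI><A HREF="reference/PuTTY-LICENSE.txt">License of PuTTY</A></LI>
 <LI><A HREF="reference/argon2-LICENSE.txt">License of The reference C implementation of Argon2</A></LI>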
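--- a/trunk/doc/en/html/reference/.gitignore
+++ b/trunk/doc/en/html/reference/.gitignore
@@ -1,6 +1,7 @@
 CygTerm+-LICENSE.txt
 Oniguruma-LICENSE.txt
 OpenSSL-LICENSE.txt
+LibreSSL-LICENSE.txt
 PuTTY-LICENSE.txt
 RE.txt
 SFMT-LICENSE.txt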
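--- a/trunk/doc/en/html/reference/develop.txt
+++ b/trunk/doc/en/html/reference/develop.txt
@@ -77,7 +77,7 @@
 
 * Libraries
 - Oniguruma 6.9.7.1 (https://github.com/kkos/oniguruma)
-- OpenSSL 1.1.1k (http://www.openssl.org/)
+- LibreSSL 3.4.2 (https://www.libressl.org/)
 - zlib 1.2.11 (http://www.zlib.net/)
 - PuTTY 0.76 (http://www.chiark.greenend.org.uk/~sgtatham/putty/)
 - SFMT 1.5.1 (http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/SFMT/index.html)
@@ -163,11 +163,10 @@
 (2) Launch 'Visual Studio 2005 Command Prompt' batch file from start menu.
 (3) Move 'libs' directory on the command prompt. And run buildoniguruma6.bat.
 
- 3. OpenSSL (used by TTSSH)
- (1) Extract openssl source into libs/openssl directory.
- (2) When the libs/openssl/Makefile.bak file exists on the OpenSSL 1.0.0e or later, delete the file only once
- (3) Launch 'Visual Studio 2005 Command Prompt' batch file from start menu.
- (4) Move 'libs' directory on the command prompt. And run buildopenssl11.bat.
+ 3. LibreSSL (used by TTSSH)
+ (1) Extract LibreSSL source into libs/libressl directory.
+ (2) Launch 'Visual Studio 2005 Command Prompt' batch file from start menu.
+ (3) Move 'libs' directory on the command prompt. And run buildlibressl.bat.
 
 4. Zlib (used by TTSSH)
 (1) Extract zlib source into libs/zlib directory.
@@ -317,8 +316,8 @@
 http://www.jrsoftware.org/isdl.php
 Oniguruma
 https://github.com/kkos/oniguruma
- OpenSSL
- http://www.openssl.org/
+ LibreSSL
+ https://www.libressl.org/
 zlib
 http://www.zlib.net/
 PuTTY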
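--- a/trunk/doc/en/html/reference/sourcecode.html
+++ b/trunk/doc/en/html/reference/sourcecode.html
@@ -99,7 +99,7 @@
 The macro program is linked to pseudorandom number generator "SFMT", which allows to generate random number in "random" macro command.
 </p>
 <p>
- "TTSSH" module is linkd to "OpenSSL" library to perform cryptography related operations. One may think that OpenSSL library contains only Secure Socket Layer (SSL) protocol related functions used for secure web access, however that is wrong assumption. OpenSSL library also supports basic cipher algorithms, which are utilized by "TTSSH" module. Since Secure Layer related functions of the library are not used, it is very unlikely that "TTSSH" module will be compromised if a SSL related security hole is found in OpenSSL library.
+ "TTSSH" module is linkd to "LibreSSL" library to perform cryptography related operations. One may think that LibreSSL library contains only Secure Socket Layer (SSL) protocol related functions used for secure web access, however that is wrong assumption. LibreSSL library also supports basic cipher algorithms, which are utilized by "TTSSH" module. Since Secure Layer related functions of the library are not used, it is very unlikely that "TTSSH" module will be compromised if a SSL related security hole is found in LibreSSL library.
 </p>
 <p>
 "TTSSH" module is linkd to compression Library "zlib" to compress SSH packets. Packet compression is effective on low speed networks like for example with dial-up connections, however in high speed networks it may slow down communication. That's why packet compression function is disabled by default. <br>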
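--- a/trunk/doc/ja/html/about/copyright.html
+++ b/trunk/doc/ja/html/about/copyright.html
@@ -29,7 +29,7 @@
 <li><a href="https://github.com/kkos/oniguruma">Oniguruma</a> ... <a href="../reference/Oniguruma-LICENSE.txt">二条項BSDライセンス</a></li>
 <li><a href="http://www.math.sci.hiroshima-u.ac.jp/m-mat/MT/SFMT/index-jp.html">SFMT</a> ... <a href="../reference/SFMT-LICENSE.txt">三条項BSDライセンス</a></li>
 <li><a href="https://www.openssh.com">OpenSSH</a> ... <a href="../reference/OpenSSH-LICENSE.txt">BSDスタイルライセンス</a></li>
- <li><a href="https://www.openssl.org">OpenSSL</a> ... <a href="../reference/OpenSSL-LICENSE.txt">OpenSSL License(Apache License 1.0) と SSLeay License(四条項BSDライセンス) のデュアルライセンス(両方が適用される)</a></li>
+ <li><a href="https://www.libressl.org">LibreSSL</a> ... <a href="../reference/LibreSSL-LICENSE.txt">「OpenSSL License(Apache License 1.0)」と「SSLeay License(四条項BSDライセンス)」と「ISC ライセンス」と「パブリックドメイン」</a></li>
 <li><a href="https://zlib.net">zlib</a> ... <a href="../reference/zlib-LICENSE.txt">zlibライセンス</a></li>
 <li><a href="https://www.chiark.greenend.org.uk/~sgtatham/putty/">PuTTY</a> ... <a href="../reference/PuTTY-LICENSE.txt">MITライセンス</a></li>
 <li><a href="https://github.com/P-H-C/phc-winner-argon2">The reference C implementation of Argon2</a> ... <a href="../reference/argon2-LICENSE.txt">Creative Commons CC0 1.0 License/Waiver または Apache License 2.0</a></li>
@@ -146,8 +146,8 @@
 
 TTSSHはRobert O'Callahan氏の著作物です。
 TTSSHのSSH2化のコードについては、著作権は平田豊にあります。
- OpenSSLはOpenSSL Projectの著作物です。ライセンス情報については同梱の<a href="../reference/OpenSSL-LICENSE.txt">OpenSSL-LICENSE.txt</a>をご覧下さい。
- 本プログラムは、OpenSSLと静的リンクしています。
+ LibreSSLはOpenBSD Projectの著作物です。ライセンス情報については同梱の<a href="../reference/LibreSSL-LICENSE.txt">LibreSSL-LICENSE.txt</a>をご覧下さい。
+ 本プログラムは、LibreSSLと静的リンクしています。
 zlibはGreg RoelofsとJean-loup Gailly氏の著作物です。ライセンス情報については同梱の<a href="../reference/zlib-LICENSE.txt">zlib-LICENSE.txt</a>をご覧下さい。
 本プログラムは、zlibと静的リンクしています。
 OpenSSHの著作権は、各開発者にあります。詳しくは同梱の<a href="../reference/OpenSSH-LICENSE.txt">OpenSSH-LICENSE.txt</a>をご覧ください。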
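--- a/trunk/doc/ja/html/about/history.html
+++ b/trunk/doc/ja/html/about/history.html
@@ -31,7 +31,7 @@
 
 <h2 id="teraterm">Tera Term</h2>
 
-<h3 id="teraterm_5.0">202x.xx.xx (Ver 5.0)</h3>
+<h3 id="teraterm_5.0">2022.xx.xx (Ver 5.0 not released)</h3>
 <ul class="history">
 <li>変更
 <ul>
@@ -3309,7 +3309,7 @@
 
 <h2 id="ttssh">TTSSH</h2>
 
-<h3 id="ttssh_2.93">202x.x.x (Ver 2.93 not released)</h3>
+<h3 id="ttssh_2.93">2022.xx.xx (Ver 2.93 not released)</h3>
 <ul class="history">
 <!--li>変更
 <ul>
@@ -3323,6 +3323,7 @@
 
 <li>その他
 <ul>
+ <li>暗号ライブラリを OpenSSL から LibreSSL 3.4.2 へ変更した。</li>
 <li>PuTTY 0.76 へ差し替えた。</li>
 </ul>
 </li>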
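--- a/trunk/doc/ja/html/index.html
+++ b/trunk/doc/ja/html/index.html
@@ -144,7 +144,7 @@
 <LI><A HREF="reference/Oniguruma-LICENSE.txt">鬼車 ライセンス</A></LI>
 <LI><A HREF="reference/SFMT-LICENSE.txt">SFMT ライセンス</A></LI>
 <LI><A HREF="reference/OpenSSH-LICENSE.txt">OpenSSH ライセンス</A></LI>
- <LI><A HREF="reference/OpenSSL-LICENSE.txt">OpenSSL ライセンス</A></LI>
+ <LI><A HREF="reference/LibreSSL-LICENSE.txt">LibreSSL ライセンス</A></LI>
 <LI><A HREF="reference/zlib-LICENSE.txt">zlib ライセンス</A></LI>
 <LI><A HREF="reference/PuTTY-LICENSE.txt">PuTTY ライセンス</A></LI>
 <LI><A HREF="reference/argon2-LICENSE.txt">The reference C implementation of Argon2 ライセンス</A></LI>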
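--- a/trunk/doc/ja/html/reference/.gitignore
+++ b/trunk/doc/ja/html/reference/.gitignore
@@ -1,6 +1,7 @@
 CygTerm+-LICENSE.txt
 Oniguruma-LICENSE.txt
 OpenSSL-LICENSE.txt
+LibreSSL-LICENSE.txt
 PuTTY-LICENSE.txt
 RE.txt
 SFMT-LICENSE.txt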
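--- a/trunk/doc/ja/html/reference/develop.txt
+++ b/trunk/doc/ja/html/reference/develop.txt
@@ -70,7 +70,7 @@
 
 ■ ライブラリ
 - Oniguruma 6.9.7.1 (https://github.com/kkos/oniguruma)
-- OpenSSL 1.1.1k (http://www.openssl.org/)
+- LibreSSL 3.4.2 (https://www.libressl.org/)
 - zlib 1.2.11 (http://www.zlib.net/)
 - PuTTY 0.76 (http://www.chiark.greenend.org.uk/~sgtatham/putty/)
 - SFMT 1.5.1 (http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/SFMT/index-jp.html)
@@ -159,11 +159,10 @@
 (2) スタートメニューから「Visual Studio 2005 コマンド プロンプト」を起動する。
 (3) コマンドプロンプト上から libs ディレクトリに移動し、buildoniguruma6.bat を実行する。
 
- 3. OpenSSL (used by TTSSH)
- (1) openssl のソースを libs/openssl の中に展開する。
- (2) OpenSSL 1.0.0e 以降で、libs/openssl/Makefile.bak が最初から存在する場合は、一度だけ手動で削除してください。
- (3) スタートメニューから「Visual Studio 2005 コマンド プロンプト」を起動する。
- (4) コマンドプロンプト上から libs ディレクトリに移動し、buildopenssl11.bat を実行する。
+ 3. LibreSSL (used by TTSSH)
+ (1) LibreSSL のソースを libs/libressl の中に展開する。
+ (2) スタートメニューから「Visual Studio 2005 コマンド プロンプト」を起動する。
+ (3) コマンドプロンプト上から libs ディレクトリに移動し、buildlibressl.bat を実行する。
 
 4. Zlib (used by TTSSH)
 (1) zlib のソースを libs/zlib の中に展開する。
@@ -316,8 +315,8 @@
 http://www.jrsoftware.org/isdl.php
 Oniguruma
 https://github.com/kkos/oniguruma
- OpenSSL
- http://www.openssl.org/
+ LibreSSL
+ https://www.libressl.org/
 zlib
 http://www.zlib.net/
 PuTTY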
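--- a/trunk/doc/ja/html/reference/sourcecode.html
+++ b/trunk/doc/ja/html/reference/sourcecode.html
@@ -95,7 +95,7 @@
 Tera Termマクロプログラムは、疑似乱数生成器"SFMT"をリンクしています。"random"コマンドにおいて乱数の生成に利用されています。
 </p>
 <p>
- SSHモジュールであるTTSSHは、暗号処理を行うために"OpenSSL"をリンクしています。OpenSSLというネーミングからWebアクセスに使われるSSL(Secure Socket Layer)プロトコル専用のライブラリかと思われがちですが、そうではありません。OpenSSLは基本的な暗号アルゴリズムをサポートしており、TTSSHではOpenSSLに含まれる暗号化/復号ルーチンのみを利用しています。このことは、すなわちOpenSSLライブラリにSSL関連のセキュリティホールが発見されたとしても、TTSSHへの影響は極めて低いということです。
+ SSHモジュールであるTTSSHは、暗号処理を行うために"LibreSSL"をリンクしています。LibreSSLというネーミングからWebアクセスに使われるSSL(Secure Socket Layer)プロトコル専用のライブラリかと思われがちですが、そうではありません。LibreSSLは基本的な暗号アルゴリズムをサポートしており、TTSSHではLibreSSLに含まれる暗号化/復号ルーチンのみを利用しています。このことは、すなわちLibreSSLライブラリにSSL関連のセキュリティホールが発見されたとしても、TTSSHへの影響は極めて低いということです。
 </p>
 <p>
 SSHモジュールであるTTSSHは、SSHパケットの圧縮を行うために圧縮ライブラリ"zlib"をリンクしています。ただし、ダイヤルアップ回線などの低速度なネットワークにおいては、パケット圧縮は有効ですが、昨今の高速回線ではむしろ速度低下を招く足かせとなります。ゆえに、デフォルトではパケット圧縮機能は無効化されています。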
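--- a/trunk/libs/buildall.bat
+++ b/trunk/libs/buildall.bat
@@ -10,7 +10,7 @@
 exit /b 1
 )
 
-CALL buildopenssl11.bat
+CALL buildlibressl.bat
 if ERRORLEVEL 1 (
 echo "buildall.bat を終了します"
 exit /b 1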
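--- /dev/null
+++ b/trunk/libs/buildlibressl.bat
@@ -0,0 +1,68 @@
+rem LibreSSLのビルド
+
+cd libressl
+
+
+if exist "CMakeCache.txt" goto end
+
+
+if not "%VSINSTALLDIR%" == "" goto vsinstdir
+
+:check_2019
+if "%VS160COMNTOOLS%" == "" goto check_2022
+if not exist "%VS160COMNTOOLS%\VsDevCmd.bat" goto check_2022
+call "%VS160COMNTOOLS%\VsDevCmd.bat"
+goto vs2019
+
+:check_2022
+if "%VS170COMNTOOLS%" == "" goto novs
+if not exist "%VS170COMNTOOLS%\VsDevCmd.bat" goto novs
+call "%VS170COMNTOOLS%\VsDevCmd.bat"
+goto vs2022
+
+:novs
+echo "Can't find Visual Studio"
+goto fail
+
+:vsinstdir
+rem Visual Studioのバージョン判別
+set VSCMNDIR="%VSINSTALLDIR%\Common7\Tools\"
+set VSCMNDIR=%VSCMNDIR:\\=\%
+
+if /I %VSCMNDIR% EQU "%VS160COMNTOOLS%" goto vs2019
+if /I %VSCMNDIR% EQU "%VS170COMNTOOLS%" goto vs2022
+
+echo Unknown Visual Studio version
+goto fail
+
+:vs2019
+set CMAKE_PARAMETER=-G "Visual Studio 16 2019" -A Win32
+goto vsend
+
+:vs2022
+set CMAKE_PARAMETER=-G "Visual Studio 17 2022" -A Win32
+goto vsend
+
+:vsend
+
+set CMAKE=cmake
+rem set CMAKE="C:\Program Files\CMake\bin\cmake"
+rem set CMAKE="%VSINSTALLDIR%\Common7\IDE\CommonExtensions\Microsoft\CMake\CMake\bin\cmake"
+
+%CMAKE% -DMSVC=on -DUSE_STATIC_MSVC_RUNTIMES=on %CMAKE_PARAMETER%
+
+devenv /build Debug LibreSSL.sln /project crypto /projectconfig Debug
+
+devenv /build Release LibreSSL.sln /project crypto /projectconfig Release
+
+
+:end
+cd ..
+exit /b 0
+
+
+:fail
+cd ..
+echo "buildlibressl.bat を終了します"
+@echo on
+exit /b 1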
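Review bot: Neither the `%CMAKE%` call nor the two `devenv /build` calls is followed by an error check, so the script falls through to `:end` and `exit /b 0` even when configuration or compilation failed, and the `if ERRORLEVEL 1` test in buildall.bat can never fire for this step. Adding `if ERRORLEVEL 1 goto fail` after each of the three commands would propagate the failure. The early `if exist "CMakeCache.txt" goto end` has a similar effect: a cache left by a failed or older run is treated as a finished build, so replacing the extracted LibreSSL source with a newer release would not trigger a rebuild of the statically linked crypto library. `cd libressl` is also unchecked, so a missing directory would run cmake inside `libs` itself.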
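--- a/trunk/ttssh2/ttxssh/CMakeLists.txt
+++ b/trunk/ttssh2/ttxssh/CMakeLists.txt
@@ -1,9 +1,15 @@
 set(PACKAGE_NAME "ttxssh")
 
+option(TTXSSH_LIBRESSL "User LibreSSL" on)
+
 project(${PACKAGE_NAME})
 
 include(${CMAKE_CURRENT_SOURCE_DIR}/../../libs/lib_zlib.cmake)
-include(${CMAKE_CURRENT_SOURCE_DIR}/../../libs/lib_openssl.cmake)
+if(TTXSSH_LIBRESSL)
+ include(${CMAKE_CURRENT_SOURCE_DIR}/../../libs/lib_libressl.cmake)
+else()
+ include(${CMAKE_CURRENT_SOURCE_DIR}/../../libs/lib_openssl.cmake)
+endif()
 
 add_library(
 ${PACKAGE_NAME} SHARED
@@ -155,10 +161,23 @@
 ../../teraterm/common
 ../matcher
 ../putty
- ${OPENSSL_INCLUDE_DIRS}
 ${ZLIB_INCLUDE_DIRS}
-)
+ )
+if(TTXSSH_LIBRESSL)
+ target_include_directories(
+ ${PACKAGE_NAME}
+ PRIVATE
+ ${LIBRESSL_INCLUDE_DIRS}
+ )
+else()
+ target_include_directories(
+ ${PACKAGE_NAME}
+ PRIVATE
+ ${OPENSSL_INCLUDE_DIRS}
+ )
+endif()
 
+
 set_target_properties(
 ${PACKAGE_NAME}
 PROPERTIES
@@ -188,9 +207,24 @@
 ttpcmn
 argon2
 ${ZLIB_LIB}
- ${OPENSSL_LIB}
 )
 
+if(TTXSSH_LIBRESSL)
+ target_link_libraries(
+ ${PACKAGE_NAME}
+ PRIVATE
+ ${LIBRESSL_LIB}
+ bcrypt.lib
+ )
+else()
+ target_link_libraries(
+ ${PACKAGE_NAME}
+ PRIVATE
+ ${OPENSSL_LIB}
+ crypt32.lib # TODO このlibを使用しないパッチを適応したら削除すること
+ )
+endif()
+
 if(SUPPORT_OLD_WINDOWS)
 target_link_libraries(
 ${PACKAGE_NAME}
@@ -206,8 +240,6 @@
 gdi32
 comdlg32
 comctl32
- # OpenSSL が使用
- crypt32.lib # TODO このlibを使用しないパッチを適応したら削除すること
 )
 
 install(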
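Review bot: The LibreSSL branch links `bcrypt.lib` unconditionally while the `if(SUPPORT_OLD_WINDOWS)` block directly below it is kept; BCryptGenRandom is documented as available from Windows Vista, so a hard import of bcrypt.dll would presumably stop ttxssh.dll from loading on the systems that option targets. If the two cannot work together, say so at configure time, e.g. `if(TTXSSH_LIBRESSL AND SUPPORT_OLD_WINDOWS)` followed by `message(FATAL_ERROR "LibreSSL build requires bcrypt (Vista or later)")`. The option help string `"User LibreSSL"` also looks like a typo for `"Use LibreSSL"`, and a short comment next to `bcrypt.lib` saying it is needed for the BCryptGenRandom-based getentropy in arc4random.c would mirror the comment the OpenSSL branch keeps for `crypt32.lib`.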
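--- a/trunk/ttssh2/ttxssh/arc4random.c
+++ b/trunk/ttssh2/ttxssh/arc4random.c
@@ -22,8 +22,16 @@
 
 /*
 * ChaCha based random number generator for OpenBSD.
+ * openssh-portable: openbsd-compat/arc4random.c
 */
 
+/*
+ * with LibreSSL, use getentropy() instead of RAND_bytes().
+ * OpenBSD: lib/libcrypto/arc4random/getentropy_win.c
+ * $OpenBSD: getentropy_win.c,v 1.6 2020/11/11 10:41:24 bcook Exp $
+ */
+
+
 #include <sys/types.h>
 
 #include <stdlib.h>
@@ -35,8 +43,12 @@
 #include "arc4random.h"
 #include "chacha.h"
 
+#ifndef LIBRESSL_VERSION_NUMBER
 #include <openssl/rand.h>
 #include <openssl/err.h>
+#else
+#include <bcrypt.h>
+#endif
 
 /* OpenSSH isn't multithreaded */
 #define _ARC4_LOCK()
@@ -64,14 +76,41 @@
 chacha_ivsetup(&rs, buf + KEYSZ, NULL);
 }
 
+#ifdef LIBRESSL_VERSION_NUMBER
+/*
+ * On Windows, BCryptGenRandom with BCRYPT_USE_SYSTEM_PREFERRED_RNG is supposed
+ * to be a well-seeded, cryptographically strong random number generator.
+ * https://docs.microsoft.com/en-us/windows/win32/api/bcrypt/nf-bcrypt-bcryptgenrandom
+ */
+static int
+getentropy(void *buf, size_t len)
+{
+ if (len > 256) {
+ return (-1);
+ }
+
+ if (FAILED(BCryptGenRandom(NULL, buf, len, BCRYPT_USE_SYSTEM_PREFERRED_RNG))) {
+ return (-1);
+ }
+
+ return (0);
+}
+#endif /* LIBRESSL_VERSION_NUMBER */
+
 static void
 _rs_stir(void)
 {
 u_char rnd[KEYSZ + IVSZ];
 
+#ifndef LIBRESSL_VERSION_NUMBER
 if (RAND_bytes(rnd, sizeof(rnd)) <= 0) {
 return;
 }
+#else
+ if (getentropy(rnd, sizeof(rnd)) <= 0) {
+ return;
+ }
+#endif
 
 if (!rs_initialized) {
 rs_initialized = 1;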
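Review bot: In `_rs_stir`, the LibreSSL branch keeps the `<= 0` test that was written for RAND_bytes, but the `getentropy` added in the same hunk returns 0 on success and -1 on failure, so the function returns early on every call and the ChaCha state is never keyed from the system RNG. The check should be `if (getentropy(rnd, sizeof(rnd)) != 0) {`. Inside `getentropy`, BCryptGenRandom returns an NTSTATUS, so `!BCRYPT_SUCCESS(...)` is the matching test rather than the HRESULT macro `FAILED(...)`. In both branches a failed stir is silently ignored; what the generator then outputs depends on the rest of `_rs_stir` and its callers, which lie outside the hunk, so it is worth confirming that the failure path cannot hand out keystream from an unseeded state.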
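--- a/trunk/ttssh2/ttxssh/cipher-3des1.c
+++ b/trunk/ttssh2/ttxssh/cipher-3des1.c
@@ -52,7 +52,6 @@
 };
 
 const EVP_CIPHER * evp_ssh1_3des(void);
-int ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
 
 static int ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, int enc)
 {
@@ -124,37 +123,9 @@
 return 1;
 }
 
-// ssh1_3des_iv は未使用。
-int ssh1_3des_iv(EVP_CIPHER_CTX *evp, int doset, u_char *iv, int len)
-{
- struct ssh1_3des_ctx *c;
-
- if (len != 24) {
- //fatal("%s: bad 3des iv length: %d", __func__, len);
- return SSH_ERR_INVALID_ARGUMENT;
- }
-
- if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL) {
- //fatal("%s: no 3des context", __func__);
- return SSH_ERR_INTERNAL_ERROR;
- }
-
- if (doset) {
- //debug3("%s: Installed 3DES IV", __func__);
- memcpy(EVP_CIPHER_CTX_iv_noconst(c->k1), iv, 8);
- memcpy(EVP_CIPHER_CTX_iv_noconst(c->k2), iv + 8, 8);
- memcpy(EVP_CIPHER_CTX_iv_noconst(c->k3), iv + 16, 8);
- } else {
- //debug3("%s: Copying 3DES IV", __func__);
- memcpy(iv, EVP_CIPHER_CTX_iv(c->k1), 8);
- memcpy(iv + 8, EVP_CIPHER_CTX_iv(c->k2), 8);
- memcpy(iv + 16, EVP_CIPHER_CTX_iv(c->k3), 8);
- }
- return 0;
-}
-
 const EVP_CIPHER *evp_ssh1_3des(void)
 {
+#ifndef LIBRESSL_VERSION_NUMBER
 static EVP_CIPHER *p = NULL;
 
 if (p == NULL) {
@@ -169,4 +140,18 @@
 EVP_CIPHER_meth_set_flags(p, EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH);
 }
 return (p);
+#else
+ static EVP_CIPHER ssh1_3des;
+
+ memset(&ssh1_3des, 0, sizeof(EVP_CIPHER));
+ ssh1_3des.nid = NID_undef;
+ ssh1_3des.block_size = 8;
+ ssh1_3des.iv_len = 0;
+ ssh1_3des.key_len = 16;
+ ssh1_3des.init = ssh1_3des_init;
+ ssh1_3des.cleanup = ssh1_3des_cleanup;
+ ssh1_3des.do_cipher = ssh1_3des_cbc;
+ ssh1_3des.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH;
+ return (&ssh1_3des);
+#endif
 }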
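Review bot: The LibreSSL branch of `evp_ssh1_3des` zeroes and refills one function-static `EVP_CIPHER` on every call and returns its address, whereas the OpenSSL branch builds the method once behind `if (p == NULL)`; any cipher context that still points at the struct sees it momentarily cleared during a later call. The same pattern is repeated in the five `evp_*_ctr` functions of cipher-ctr.c. Filling the struct once (a `static int initialized` guard, or a `static const EVP_CIPHER` with designated initializers) would match the OpenSSL branch's behaviour. The branch also writes `EVP_CIPHER` members directly, so it builds only against a LibreSSL whose headers expose that layout; a comment stating this, or an `#error` keyed on `LIBRESSL_VERSION_NUMBER`, would make a later library upgrade fail loudly rather than confusingly.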
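--- a/trunk/ttssh2/ttxssh/cipher-ctr.c
+++ b/trunk/ttssh2/ttxssh/cipher-ctr.c
@@ -133,6 +133,7 @@
 const EVP_CIPHER *
 evp_aes_128_ctr(void)
 {
+#ifndef LIBRESSL_VERSION_NUMBER
 static EVP_CIPHER *p = NULL;
 
 if (p == NULL) {
@@ -147,6 +148,22 @@
 EVP_CIPHER_meth_set_flags(p, EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV);
 }
 return (p);
+#else
+ static EVP_CIPHER aes_ctr;
+
+ memset(&aes_ctr, 0, sizeof(EVP_CIPHER));
+ aes_ctr.nid = NID_undef;
+ aes_ctr.block_size = AES_BLOCK_SIZE;
+ aes_ctr.iv_len = AES_BLOCK_SIZE;
+ aes_ctr.key_len = 16;
+ aes_ctr.init = ssh_aes_ctr_init;
+ aes_ctr.cleanup = ssh_aes_ctr_cleanup;
+ aes_ctr.do_cipher = ssh_aes_ctr;
+#ifndef SSH_OLD_EVP
+ aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
+#endif
+ return (&aes_ctr);
+#endif
 }
 
 //============================================================================
@@ -212,6 +229,7 @@
 const EVP_CIPHER *
 evp_des3_ctr(void)
 {
+#ifndef LIBRESSL_VERSION_NUMBER
 static EVP_CIPHER *p = NULL;
 
 if (p == NULL) {
@@ -226,6 +244,22 @@
 EVP_CIPHER_meth_set_flags(p, EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV);
 }
 return (p);
+#else
+ static EVP_CIPHER des3_ctr;
+
+ memset(&des3_ctr, 0, sizeof(EVP_CIPHER));
+ des3_ctr.nid = NID_undef;
+ des3_ctr.block_size = DES_BLOCK_SIZE;
+ des3_ctr.iv_len = DES_BLOCK_SIZE;
+ des3_ctr.key_len = 24;
+ des3_ctr.init = ssh_des3_ctr_init;
+ des3_ctr.cleanup = ssh_des3_ctr_cleanup;
+ des3_ctr.do_cipher = ssh_des3_ctr;
+#ifndef SSH_OLD_EVP
+ des3_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
+#endif
+ return (&des3_ctr);
+#endif
 }
 
 //============================================================================
@@ -306,6 +340,7 @@
 const EVP_CIPHER *
 evp_bf_ctr(void)
 {
+#ifndef LIBRESSL_VERSION_NUMBER
 static EVP_CIPHER *p = NULL;
 
 if (p == NULL) {
@@ -320,6 +355,22 @@
 EVP_CIPHER_meth_set_flags(p, EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV);
 }
 return (p);
+#else
+ static EVP_CIPHER blowfish_ctr;
+
+ memset(&blowfish_ctr, 0, sizeof(EVP_CIPHER));
+ blowfish_ctr.nid = NID_undef;
+ blowfish_ctr.block_size = BF_BLOCK;
+ blowfish_ctr.iv_len = BF_BLOCK;
+ blowfish_ctr.key_len = 16;
+ blowfish_ctr.init = ssh_bf_ctr_init;
+ blowfish_ctr.cleanup = ssh_bf_ctr_cleanup;
+ blowfish_ctr.do_cipher = ssh_bf_ctr;
+#ifndef SSH_OLD_EVP
+ blowfish_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
+#endif
+ return (&blowfish_ctr);
+#endif
 }
 
 //============================================================================
@@ -400,6 +451,7 @@
 const EVP_CIPHER *
 evp_cast5_ctr(void)
 {
+#ifndef LIBRESSL_VERSION_NUMBER
 static EVP_CIPHER *p = NULL;
 
 if (p == NULL) {
@@ -414,6 +466,22 @@
 EVP_CIPHER_meth_set_flags(p, EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV);
 }
 return (p);
+#else
+ static EVP_CIPHER cast5_ctr;
+
+ memset(&cast5_ctr, 0, sizeof(EVP_CIPHER));
+ cast5_ctr.nid = NID_undef;
+ cast5_ctr.block_size = CAST_BLOCK;
+ cast5_ctr.iv_len = CAST_BLOCK;
+ cast5_ctr.key_len = 16;
+ cast5_ctr.init = ssh_cast5_ctr_init;
+ cast5_ctr.cleanup = ssh_cast5_ctr_cleanup;
+ cast5_ctr.do_cipher = ssh_cast5_ctr;
+#ifndef SSH_OLD_EVP
+ cast5_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
+#endif
+ return (&cast5_ctr);
+#endif
 }
 
 //============================================================================
@@ -474,7 +542,7 @@
 const EVP_CIPHER *
 evp_camellia_128_ctr(void)
 {
-
+#ifndef LIBRESSL_VERSION_NUMBER
 static EVP_CIPHER *p = NULL;
 
 if (p == NULL) {
@@ -489,4 +557,20 @@
 EVP_CIPHER_meth_set_flags(p, EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV);
 }
 return (p);
+#else
+ static EVP_CIPHER camellia_ctr;
+
+ memset(&camellia_ctr, 0, sizeof(EVP_CIPHER));
+ camellia_ctr.nid = NID_undef;
+ camellia_ctr.block_size = CAMELLIA_BLOCK_SIZE;
+ camellia_ctr.iv_len = CAMELLIA_BLOCK_SIZE;
+ camellia_ctr.key_len = 16;
+ camellia_ctr.init = ssh_camellia_ctr_init;
+ camellia_ctr.cleanup = ssh_camellia_ctr_cleanup;
+ camellia_ctr.do_cipher = ssh_camellia_ctr;
+#ifndef SSH_OLD_EVP
+ camellia_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
+#endif
+ return (&camellia_ctr);
+#endif
 }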
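Review bot: In all five LibreSSL branches here the `flags` assignment sits under `#ifndef SSH_OLD_EVP`, while the OpenSSL branches call `EVP_CIPHER_meth_set_flags` unconditionally and the LibreSSL branch of `evp_ssh1_3des` in cipher-3des1.c has no such guard. If `SSH_OLD_EVP` is ever defined, the struct keeps the zeroed flags from `memset`, so `EVP_CIPH_CUSTOM_IV` and `EVP_CIPH_ALWAYS_CALL_INIT` are dropped without any diagnostic and the two library builds behave differently. If the macro is not used anywhere in this tree, remove the guard; otherwise add a comment explaining when it applies. Each function's OpenSSL branch is only partly visible in these hunks, so the comparison rests on the context lines shown.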