cmake: Propagate WITH_FINAL to abimap conditionally

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Pavol Žáčik <pzacik@redhat.com>

.gitlab-ci.yml

@@ -301,6 +301,37 @@ fedora/openssl_3.x/x86_64/minimal:
       make test_memcheck
     - cat Testing/Temporary/MemoryChecker.*.log | wc -l | grep "^0$"
 
+fedora/libressl/x86_64:
+  extends: .fedora
+  stage: test
+  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
+  variables:
+    LIBRESSL_VERSION: "4.2.1"
+    CMAKE_ADDITIONAL_OPTIONS: >
+      -DCMAKE_C_FLAGS="-I/opt/libressl/include"
+      -DOPENSSL_ROOT_DIR=/opt/libressl
+      -DOPENSSL_INCLUDE_DIR=/opt/libressl/include
+      -DOPENSSL_CRYPTO_LIBRARY=/opt/libressl/lib/libcrypto.so
+      -DOPENSSL_SSL_LIBRARY=/opt/libressl/lib/libssl.so
+      -DWITH_GSSAPI=OFF
+      -DWITH_FIDO2=OFF
+  before_script:
+    - *build
+    - dnf install -y perl-core autoconf automake libtool pkgconf-pkg-config
+    - curl -LO https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${LIBRESSL_VERSION}.tar.gz
+    - tar xf libressl-${LIBRESSL_VERSION}.tar.gz
+    - cd libressl-${LIBRESSL_VERSION}
+    - ./configure --prefix=/opt/libressl
+    - make -j$(nproc)
+    - make install
+    - cd ..
+  script:
+    - export PKG_CONFIG_PATH=/opt/libressl/lib/pkgconfig
+    - export LD_LIBRARY_PATH=/opt/libressl/lib
+    - cmake $CMAKE_OPTIONS $CMAKE_ADDITIONAL_OPTIONS .. &&
+      make -j$(nproc) &&
+      ctest --output-on-failure
+
 # The PKCS#11 support is turned off as it brings dozens of memory issues from
 # engine_pkcs11 or openssl itself
 fedora/valgrind/openssl:

.gitlab-ci/local-ci.sh

@@ -0,0 +1,116 @@
+#!/usr/bin/env bash
+set -e
+
+RED="\033[1;31m"
+GREEN="\033[1;32m"
+YELLOW="\033[1;33m"
+BLUE="\033[1;34m"
+RESET="\033[0m"
+
+export GCL_IGNORE_PREDEFINED_VARS=CI_REGISTRY
+
+BASE_SHA=$(git merge-base HEAD origin/master 2>/dev/null || git rev-parse HEAD~1)
+
+COMMON_ARGS=(
+  --variable "CI_MERGE_REQUEST_DIFF_BASE_SHA=$BASE_SHA"
+  --variable "CI_REGISTRY=registry.gitlab.com"
+  --json-schema-validation=false
+)
+
+check_requirements() {
+  for cmd in docker git gitlab-ci-local; do
+    if ! command -v "$cmd" >/dev/null 2>&1; then
+      echo -e "${RED}Missing dependency: $cmd${RESET}"
+      exit 1
+    fi
+    echo -e "${GREEN}Found: $cmd${RESET}"
+  done
+
+  if ! docker info >/dev/null 2>&1; then
+    echo -e "${RED}Docker daemon is not running or permission denied${RESET}"
+    exit 1
+  fi
+}
+
+list_jobs() {
+  gitlab-ci-local --list --json-schema-validation=false | awk 'NR>1 {print $1}'
+}
+
+run_job() {
+  JOB="$1"
+  echo -e "${YELLOW}Running CI job: $JOB${RESET}"
+  gitlab-ci-local "$JOB" "${COMMON_ARGS[@]}"
+}
+
+cleanup_images() {
+  echo -e "${BLUE}Removing libssh CI images only...${RESET}"
+  docker images --format "{{.Repository}}:{{.Tag}} {{.ID}}" \
+    | grep "$CI_REGISTRY/$BUILD_IMAGES_PROJECT" \
+    | awk '{print $2}' \
+    | xargs -r docker rmi -f
+}
+
+usage() {
+  echo
+  echo -e "${BLUE}Usage:${RESET}"
+  echo "  $0 --list"
+  echo "  $0 --run <job-name>"
+  echo "  $0 --all"
+  echo "  $0 --run <job-name> --clean"
+  echo "  $0 --all --clean"
+  echo
+  exit 1
+}
+
+check_requirements
+
+CLEAN=0
+MODE=""
+JOB=""
+
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --list)
+      MODE="list"
+      shift
+      ;;
+    --run)
+      MODE="run"
+      JOB="$2"
+      shift 2
+      ;;
+    --all)
+      MODE="all"
+      shift
+      ;;
+    --clean)
+      CLEAN=1
+      shift
+      ;;
+    *)
+      usage
+      ;;
+  esac
+done
+
+case "$MODE" in
+  list)
+    list_jobs
+    ;;
+  run)
+    [[ -z "$JOB" ]] && usage
+    run_job "$JOB"
+    [[ "$CLEAN" -eq 1 ]] && cleanup_images
+    ;;
+  all)
+    for job in $(list_jobs); do
+      run_job "$job"
+      [[ "$CLEAN" -eq 1 ]] && cleanup_images
+    done
+    ;;
+  *)
+    usage
+    ;;
+esac
+
+echo -e "${GREEN}Done.${RESET}"

CMakeLists.txt

@@ -90,7 +90,7 @@ endif (WITH_FIDO2)
 
 # Disable symbol versioning in non UNIX platforms
 if (UNIX)
-    find_package(ABIMap 0.3.1)
+    find_package(ABIMap 0.4.0)
 else (UNIX)
     set(WITH_SYMBOL_VERSIONING OFF)
 endif (UNIX)
@@ -181,6 +181,10 @@ if (WITH_SYMBOL_VERSIONING AND ABIMAP_FOUND)
             set(ALLOW_ABI_BREAK "BREAK_ABI")
         endif()
 
+        if (WITH_FINAL)
+            set(FINAL "FINAL")
+        endif()
+
         # Target we can depend on in 'make dist'
         set(_SYMBOL_TARGET "${PROJECT_NAME}.map")
 
@@ -193,7 +197,7 @@ if (WITH_SYMBOL_VERSIONING AND ABIMAP_FOUND)
                           RELEASE_NAME_VERSION ${PROJECT_NAME}_${LIBRARY_VERSION}
                           CURRENT_MAP ${MAP_PATH}
                           COPY_TO ${MAP_PATH}
-                          FINAL
+                          ${FINAL}
                           ${ALLOW_ABI_BREAK})
 
         # Write the current version to the source

CONTRIBUTING.md

@@ -137,6 +137,33 @@ The script exceeded the maximum execution time set for the job
 Note, that the built dependencies are cached so after successful build in your
 namespace, the rebuilds should be much faster.
 
+## Running GitLab CI locally (optional helper)
+
+For contributors working on CI, build system changes, or adding new CI jobs, it can be useful to run GitLab CI pipelines locally before pushing.
+
+libssh provides a small helper script based on `gitlab-ci-local` that can:
+
+- List all jobs defined in `.gitlab-ci.yml`
+- Run a specific job or the full pipeline locally
+- Automatically pick up new jobs when they are added to the CI configuration
+- Optionally clean up CI Docker images after execution
+
+### Requirements
+
+- Docker (daemon running)
+- git
+- gitlab-ci-local  
+  https://github.com/firecow/gitlab-ci-local
+
+### Usage
+
+```bash
+./.gitlab-ci/local-ci.sh --list
+./.gitlab-ci/local-ci.sh --run fedora/libressl/x86_64
+./.gitlab-ci/local-ci.sh --all
+./.gitlab-ci/local-ci.sh --run fedora/libressl/x86_64 --clean
+```
+
 # Coding conventions in the libssh tree
 
 ## Quick Start

doc/CMakeLists.txt

@@ -189,7 +189,6 @@ if (DOXYGEN_FOUND)
         sftp_message,
         sftp_packet,
         sftp_request_queue,
-        sftp_session,
         sftp_status_message,
         sftp_statvfs_t,
         poll_fn,

include/libssh/sftp.h

@@ -74,6 +74,21 @@ typedef struct sftp_file_struct* sftp_file;
 typedef struct sftp_message_struct* sftp_message;
 typedef struct sftp_packet_struct* sftp_packet;
 typedef struct sftp_request_queue_struct* sftp_request_queue;
+
+/**
+ * @brief SFTP session handle.
+ *
+ * This type represents an active SFTP session associated with an SSH channel.
+ * It is created and destroyed via the libssh SFTP API and is internally
+ * managed by libssh. It is used by applications to perform SFTP operations
+ * such as file access and directory management.
+ *
+ * The internal structure of this type is opaque and must not be accessed
+ * directly by applications.
+ *
+ * @see sftp_new
+ * @see sftp_free
+ */
 typedef struct sftp_session_struct* sftp_session;
 typedef struct sftp_status_message_struct* sftp_status_message;
 typedef struct sftp_statvfs_struct* sftp_statvfs_t;

src/external/libcrux_mlkem768_sha3.c

@@ -28,8 +28,9 @@
 
 #include "config.h"
 
+#include <stdio.h>
+
 #include "libssh/mlkem_native.h"
-#include "libssh/priv.h"
 
 #if !defined(__GNUC__) || (__GNUC__ < 2)
 # define __attribute__(x)
@@ -38,7 +39,7 @@
 #define KRML_NOINLINE __attribute__((noinline, unused))
 #define KRML_HOST_EPRINTF(...)
 #define KRML_HOST_EXIT(x) do { \
-    SSH_LOG(SSH_LOG_WARNING, "internal error"); \
+    fprintf(stderr, "mlkem internal error"); \
     exit(x); \
 } while (0)
 

src/libcrypto.c

@@ -40,7 +40,9 @@
 #endif
 
 #ifdef HAVE_LIBCRYPTO
-
+#ifdef LIBRESSL_VERSION_NUMBER
+#include <openssl/poly1305.h>
+#endif
 #include <openssl/err.h>
 #include <openssl/md5.h>
 #include <openssl/opensslv.h>
@@ -572,12 +574,11 @@ static void evp_cipher_cleanup(struct ssh_cipher_struct *cipher) {
     }
 }
 
-static int
+static int evp_cipher_aead_get_length(struct ssh_cipher_struct *cipher,
-evp_cipher_aead_get_length(struct ssh_cipher_struct *cipher,
+                                      void *in,
-                           void *in,
+                                      uint8_t *out,
-                           uint8_t *out,
+                                      size_t len,
-                           size_t len,
+                                      uint64_t seq)
-                           uint64_t seq)
 {
     (void)cipher;
     (void)seq;
@@ -588,13 +589,12 @@ evp_cipher_aead_get_length(struct ssh_cipher_struct *cipher,
     return SSH_OK;
 }
 
-static void
+static void evp_cipher_aead_encrypt(struct ssh_cipher_struct *cipher,
-evp_cipher_aead_encrypt(struct ssh_cipher_struct *cipher,
+                                    void *in,
-                        void *in,
+                                    void *out,
-                        void *out,
+                                    size_t len,
-                        size_t len,
+                                    uint8_t *tag,
-                        uint8_t *tag,
+                                    uint64_t seq)
-                        uint64_t seq)
 {
     size_t authlen, aadlen;
     uint8_t lastiv[1];
@@ -608,10 +608,7 @@ evp_cipher_aead_encrypt(struct ssh_cipher_struct *cipher,
     authlen = cipher->tag_size;
 
     /* increment IV */
-    rc = EVP_CIPHER_CTX_ctrl(cipher->ctx,
+    rc = EVP_CIPHER_CTX_ctrl(cipher->ctx, EVP_CTRL_GCM_IV_GEN, 1, lastiv);
-                             EVP_CTRL_GCM_IV_GEN,
-                             1,
-                             lastiv);
     if (rc == 0) {
         SSH_LOG(SSH_LOG_TRACE, "EVP_CTRL_GCM_IV_GEN failed");
         return;
@@ -643,9 +640,7 @@ evp_cipher_aead_encrypt(struct ssh_cipher_struct *cipher,
     }
 
     /* compute tag */
-    rc = EVP_EncryptFinal(cipher->ctx,
+    rc = EVP_EncryptFinal(cipher->ctx, NULL, &tmplen);
-                          NULL,
-                          &tmplen);
     if (rc < 0) {
         SSH_LOG(SSH_LOG_TRACE, "EVP_EncryptFinal failed: Failed to create a tag");
         return;
@@ -661,12 +656,11 @@ evp_cipher_aead_encrypt(struct ssh_cipher_struct *cipher,
     }
 }
 
-static int
+static int evp_cipher_aead_decrypt(struct ssh_cipher_struct *cipher,
-evp_cipher_aead_decrypt(struct ssh_cipher_struct *cipher,
+                                   void *complete_packet,
-                        void *complete_packet,
+                                   uint8_t *out,
-                        uint8_t *out,
+                                   size_t encrypted_size,
-                        size_t encrypted_size,
+                                   uint64_t seq)
-                        uint64_t seq)
 {
     size_t authlen, aadlen;
     uint8_t lastiv[1];
@@ -679,10 +673,7 @@ evp_cipher_aead_decrypt(struct ssh_cipher_struct *cipher,
     authlen = cipher->tag_size;
 
     /* increment IV */
-    rc = EVP_CIPHER_CTX_ctrl(cipher->ctx,
+    rc = EVP_CIPHER_CTX_ctrl(cipher->ctx, EVP_CTRL_GCM_IV_GEN, 1, lastiv);
-                             EVP_CTRL_GCM_IV_GEN,
-                             1,
-                             lastiv);
     if (rc == 0) {
         SSH_LOG(SSH_LOG_TRACE, "EVP_CTRL_GCM_IV_GEN failed");
         return SSH_ERROR;
@@ -692,7 +683,8 @@ evp_cipher_aead_decrypt(struct ssh_cipher_struct *cipher,
     rc = EVP_CIPHER_CTX_ctrl(cipher->ctx,
                              EVP_CTRL_GCM_SET_TAG,
                              (int)authlen,
-                             (unsigned char *)complete_packet + aadlen + encrypted_size);
+                             (unsigned char *)complete_packet + aadlen +
+                                 encrypted_size);
     if (rc == 0) {
         SSH_LOG(SSH_LOG_TRACE, "EVP_CTRL_GCM_SET_TAG failed");
         return SSH_ERROR;
@@ -731,11 +723,10 @@ evp_cipher_aead_decrypt(struct ssh_cipher_struct *cipher,
     }
 
     /* verify tag */
-    rc = EVP_DecryptFinal(cipher->ctx,
+    rc = EVP_DecryptFinal(cipher->ctx, NULL, &outlen);
-                          NULL,
-                          &outlen);
     if (rc < 0) {
-        SSH_LOG(SSH_LOG_TRACE, "EVP_DecryptFinal failed: Failed authentication");
+        SSH_LOG(SSH_LOG_TRACE,
+                "EVP_DecryptFinal failed: Failed authentication");
         return SSH_ERROR;
     }
 
@@ -749,7 +740,10 @@ struct chacha20_poly1305_keysched {
     EVP_CIPHER_CTX *main_evp;
     /* cipher handle used for encrypting the length field */
     EVP_CIPHER_CTX *header_evp;
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+#if defined(LIBRESSL_VERSION_NUMBER)
+    /* LibreSSL Poly1305 context */
+    poly1305_context poly_ctx;
+#elif OPENSSL_VERSION_NUMBER < 0x30000000L
     /* mac handle used for authenticating the packets */
     EVP_PKEY_CTX *pctx;
     /* Poly1305 key */
@@ -762,8 +756,7 @@ struct chacha20_poly1305_keysched {
 #endif /* OPENSSL_VERSION_NUMBER */
 };
 
-static void
+static void chacha20_poly1305_cleanup(struct ssh_cipher_struct *cipher)
-chacha20_poly1305_cleanup(struct ssh_cipher_struct *cipher)
 {
     struct chacha20_poly1305_keysched *ctx = NULL;
 
@@ -774,10 +767,12 @@ chacha20_poly1305_cleanup(struct ssh_cipher_struct *cipher)
     ctx = cipher->chacha20_schedule;
 
     EVP_CIPHER_CTX_free(ctx->main_evp);
-    ctx->main_evp  = NULL;
+    ctx->main_evp = NULL;
     EVP_CIPHER_CTX_free(ctx->header_evp);
     ctx->header_evp = NULL;
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+#if defined(LIBRESSL_VERSION_NUMBER)
+    /* nothing to free */
+#elif OPENSSL_VERSION_NUMBER < 0x30000000L
     /* ctx->pctx is freed as part of MD context */
     EVP_PKEY_free(ctx->key);
     ctx->key = NULL;
@@ -791,10 +786,9 @@ chacha20_poly1305_cleanup(struct ssh_cipher_struct *cipher)
     SAFE_FREE(cipher->chacha20_schedule);
 }
 
-static int
+static int chacha20_poly1305_set_key(struct ssh_cipher_struct *cipher,
-chacha20_poly1305_set_key(struct ssh_cipher_struct *cipher,
+                                     void *key,
-                          void *key,
+                                     UNUSED_PARAM(void *IV))
-                          UNUSED_PARAM(void *IV))
 {
     struct chacha20_poly1305_keysched *ctx = NULL;
     uint8_t *u8key = key;
@@ -841,7 +835,9 @@ chacha20_poly1305_set_key(struct ssh_cipher_struct *cipher,
     /* The Poly1305 key initialization is delayed to the time we know
      * the actual key for packet so we do not need to create a bogus keys
      */
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+#if defined(LIBRESSL_VERSION_NUMBER)
+    /* nothing, poly1305_context is stack based */
+#elif OPENSSL_VERSION_NUMBER < 0x30000000L
     ctx->mctx = EVP_MD_CTX_new();
     if (ctx->mctx == NULL) {
         SSH_LOG(SSH_LOG_TRACE, "EVP_MD_CTX_new failed");
@@ -873,10 +869,9 @@ out:
 
 static const uint8_t zero_block[CHACHA20_BLOCKSIZE] = {0};
 
-static int
+static int chacha20_poly1305_set_iv(struct ssh_cipher_struct *cipher,
-chacha20_poly1305_set_iv(struct ssh_cipher_struct *cipher,
+                                    uint64_t seq,
-                         uint64_t seq,
+                                    int do_encrypt)
-                         int do_encrypt)
 {
     struct chacha20_poly1305_keysched *ctx = cipher->chacha20_schedule;
     uint8_t seqbuf[16] = {0};
@@ -906,10 +901,9 @@ chacha20_poly1305_set_iv(struct ssh_cipher_struct *cipher,
     return SSH_OK;
 }
 
-static int
+static int chacha20_poly1305_packet_setup(struct ssh_cipher_struct *cipher,
-chacha20_poly1305_packet_setup(struct ssh_cipher_struct *cipher,
+                                          uint64_t seq,
-                               uint64_t seq,
+                                          int do_encrypt)
-                               int do_encrypt)
 {
     struct chacha20_poly1305_keysched *ctx = cipher->chacha20_schedule;
     uint8_t poly_key[CHACHA20_BLOCKSIZE];
@@ -935,12 +929,17 @@ chacha20_poly1305_packet_setup(struct ssh_cipher_struct *cipher,
     ssh_log_hexdump("poly_key", poly_key, POLY1305_KEYLEN);
 #endif /* DEBUG_CRYPTO */
 
-    /* Set the Poly1305 key */
+/* LibreSSL path: use direct Poly1305 implementation */
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+#if defined(LIBRESSL_VERSION_NUMBER)
+    CRYPTO_poly1305_init(&ctx->poly_ctx, poly_key);
+/* Set the Poly1305 key */
+#elif OPENSSL_VERSION_NUMBER < 0x30000000L
     if (ctx->key == NULL) {
         /* Poly1305 Initialization needs to know the actual key */
-        ctx->key = EVP_PKEY_new_mac_key(EVP_PKEY_POLY1305, NULL,
+        ctx->key = EVP_PKEY_new_mac_key(EVP_PKEY_POLY1305,
-                                        poly_key, POLY1305_KEYLEN);
+                                        NULL,
+                                        poly_key,
+                                        POLY1305_KEYLEN);
         if (ctx->key == NULL) {
             SSH_LOG(SSH_LOG_TRACE, "EVP_PKEY_new_mac_key failed");
             goto out;
@@ -952,9 +951,12 @@ chacha20_poly1305_packet_setup(struct ssh_cipher_struct *cipher,
         }
     } else {
         /* Updating the key is easier but less obvious */
-        rv = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_SIGNCTX,
+        rv = EVP_PKEY_CTX_ctrl(ctx->pctx,
-                                EVP_PKEY_CTRL_SET_MAC_KEY,
+                               -1,
-                                POLY1305_KEYLEN, (void *)poly_key);
+                               EVP_PKEY_OP_SIGNCTX,
+                               EVP_PKEY_CTRL_SET_MAC_KEY,
+                               POLY1305_KEYLEN,
+                               (void *)poly_key);
         if (rv <= 0) {
             SSH_LOG(SSH_LOG_TRACE, "EVP_PKEY_CTX_ctrl failed");
             goto out;
@@ -1017,20 +1019,21 @@ chacha20_poly1305_aead_decrypt_length(struct ssh_cipher_struct *cipher,
     return SSH_OK;
 }
 
-static int
+static int chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher,
-chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher,
+                                          void *complete_packet,
-                               void *complete_packet,
+                                          uint8_t *out,
-                               uint8_t *out,
+                                          size_t encrypted_size,
-                               size_t encrypted_size,
+                                          uint64_t seq)
-                               uint64_t seq)
 {
     struct chacha20_poly1305_keysched *ctx = cipher->chacha20_schedule;
-    uint8_t *mac = (uint8_t *)complete_packet + sizeof(uint32_t) +
+    uint8_t *mac =
-                   encrypted_size;
+        (uint8_t *)complete_packet + sizeof(uint32_t) + encrypted_size;
     uint8_t tag[POLY1305_TAGLEN] = {0};
     int ret = SSH_ERROR;
     int rv, cmp, len = 0;
+#if !defined(LIBRESSL_VERSION_NUMBER)
     size_t taglen = POLY1305_TAGLEN;
+#endif
 
     /* Prepare the Poly1305 key */
     rv = chacha20_poly1305_packet_setup(cipher, seq, 0);
@@ -1044,7 +1047,13 @@ chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher,
 #endif /* DEBUG_CRYPTO */
 
     /* Calculate MAC of received data */
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+#if defined(LIBRESSL_VERSION_NUMBER)
+    CRYPTO_poly1305_update(&ctx->poly_ctx,
+                           complete_packet,
+                           encrypted_size + sizeof(uint32_t));
+    CRYPTO_poly1305_finish(&ctx->poly_ctx, tag);
+
+#elif OPENSSL_VERSION_NUMBER < 0x30000000L
     rv = EVP_DigestSignUpdate(ctx->mctx, complete_packet,
                               encrypted_size + sizeof(uint32_t));
     if (rv != 1) {
@@ -1058,7 +1067,8 @@ chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher,
         goto out;
     }
 #else
-    rv = EVP_MAC_update(ctx->mctx, complete_packet,
+    rv = EVP_MAC_update(ctx->mctx,
+                        complete_packet,
                         encrypted_size + sizeof(uint32_t));
     if (rv != 1) {
         SSH_LOG(SSH_LOG_TRACE, "EVP_MAC_update failed");
@@ -1106,17 +1116,18 @@ out:
     return ret;
 }
 
-static void
+static void chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
-chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
+                                           void *in,
-                               void *in,
+                                           void *out,
-                               void *out,
+                                           size_t len,
-                               size_t len,
+                                           uint8_t *tag,
-                               uint8_t *tag,
+                                           uint64_t seq)
-                               uint64_t seq)
 {
     struct ssh_packet_header *in_packet = in, *out_packet = out;
     struct chacha20_poly1305_keysched *ctx = cipher->chacha20_schedule;
+#if !defined(LIBRESSL_VERSION_NUMBER)
     size_t taglen = POLY1305_TAGLEN;
+#endif
     int ret, outlen = 0;
 
     /* Prepare the Poly1305 key */
@@ -1128,7 +1139,8 @@ chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
 
 #ifdef DEBUG_CRYPTO
     ssh_log_hexdump("plaintext length",
-                    (unsigned char *)&in_packet->length, sizeof(uint32_t));
+                    (unsigned char *)&in_packet->length,
+                    sizeof(uint32_t));
 #endif /* DEBUG_CRYPTO */
     /* step 2, encrypt length field */
     ret = EVP_CipherUpdate(ctx->header_evp,
@@ -1142,7 +1154,8 @@ chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
     }
 #ifdef DEBUG_CRYPTO
     ssh_log_hexdump("encrypted length",
-                    (unsigned char *)&out_packet->length, outlen);
+                    (unsigned char *)&out_packet->length,
+                    outlen);
 #endif /* DEBUG_CRYPTO */
     ret = EVP_CipherFinal_ex(ctx->header_evp, (uint8_t *)out + outlen, &outlen);
     if (ret != 1 || outlen != 0) {
@@ -1163,7 +1176,13 @@ chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
     }
 
     /* step 4, compute the MAC */
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+#if defined(LIBRESSL_VERSION_NUMBER)
+
+    CRYPTO_poly1305_update(&ctx->poly_ctx,
+                           (const unsigned char *)out_packet,
+                           len);
+    CRYPTO_poly1305_finish(&ctx->poly_ctx, tag);
+#elif OPENSSL_VERSION_NUMBER < 0x30000000L
     ret = EVP_DigestSignUpdate(ctx->mctx, out_packet, len);
     if (ret <= 0) {
         SSH_LOG(SSH_LOG_TRACE, "EVP_DigestSignUpdate failed");
@@ -1175,7 +1194,7 @@ chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
         return;
     }
 #else
-    ret = EVP_MAC_update(ctx->mctx, (void*)out_packet, len);
+    ret = EVP_MAC_update(ctx->mctx, (void *)out_packet, len);
     if (ret != 1) {
         SSH_LOG(SSH_LOG_TRACE, "EVP_MAC_update failed");
         return;
@@ -1191,11 +1210,10 @@ chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
 #endif /* HAVE_OPENSSL_EVP_CHACHA20 */
 
 #ifdef WITH_INSECURE_NONE
-static void
+static void none_crypt(UNUSED_PARAM(struct ssh_cipher_struct *cipher),
-none_crypt(UNUSED_PARAM(struct ssh_cipher_struct *cipher),
+                       void *in,
-           void *in,
+                       void *out,
-           void *out,
+                       size_t len)
-           size_t len)
 {
     memcpy(out, in, len);
 }
@@ -1206,163 +1224,163 @@ none_crypt(UNUSED_PARAM(struct ssh_cipher_struct *cipher),
  */
 static struct ssh_cipher_struct ssh_ciphertab[] = {
 #ifdef HAVE_BLOWFISH
-  {
+    {
-    .name = "blowfish-cbc",
+        .name = "blowfish-cbc",
-    .blocksize = 8,
+        .blocksize = 8,
-    .ciphertype = SSH_BLOWFISH_CBC,
+        .ciphertype = SSH_BLOWFISH_CBC,
-    .keysize = 128,
+        .keysize = 128,
-    .set_encrypt_key = evp_cipher_set_encrypt_key,
+        .set_encrypt_key = evp_cipher_set_encrypt_key,
-    .set_decrypt_key = evp_cipher_set_decrypt_key,
+        .set_decrypt_key = evp_cipher_set_decrypt_key,
-    .encrypt = evp_cipher_encrypt,
+        .encrypt = evp_cipher_encrypt,
-    .decrypt = evp_cipher_decrypt,
+        .decrypt = evp_cipher_decrypt,
-    .cleanup = evp_cipher_cleanup
+        .cleanup = evp_cipher_cleanup,
-  },
+    },
 #endif /* HAVE_BLOWFISH */
 #ifdef HAS_AES
-  {
+    {
-    .name = "aes128-ctr",
+        .name = "aes128-ctr",
-    .blocksize = AES_BLOCK_SIZE,
+        .blocksize = AES_BLOCK_SIZE,
-    .ciphertype = SSH_AES128_CTR,
+        .ciphertype = SSH_AES128_CTR,
-    .keysize = 128,
+        .keysize = 128,
-    .set_encrypt_key = evp_cipher_set_encrypt_key,
+        .set_encrypt_key = evp_cipher_set_encrypt_key,
-    .set_decrypt_key = evp_cipher_set_decrypt_key,
+        .set_decrypt_key = evp_cipher_set_decrypt_key,
-    .encrypt = evp_cipher_encrypt,
+        .encrypt = evp_cipher_encrypt,
-    .decrypt = evp_cipher_decrypt,
+        .decrypt = evp_cipher_decrypt,
-    .cleanup = evp_cipher_cleanup
+        .cleanup = evp_cipher_cleanup,
-  },
+    },
-  {
+    {
-    .name = "aes192-ctr",
+        .name = "aes192-ctr",
-    .blocksize = AES_BLOCK_SIZE,
+        .blocksize = AES_BLOCK_SIZE,
-    .ciphertype = SSH_AES192_CTR,
+        .ciphertype = SSH_AES192_CTR,
-    .keysize = 192,
+        .keysize = 192,
-    .set_encrypt_key = evp_cipher_set_encrypt_key,
+        .set_encrypt_key = evp_cipher_set_encrypt_key,
-    .set_decrypt_key = evp_cipher_set_decrypt_key,
+        .set_decrypt_key = evp_cipher_set_decrypt_key,
-    .encrypt = evp_cipher_encrypt,
+        .encrypt = evp_cipher_encrypt,
-    .decrypt = evp_cipher_decrypt,
+        .decrypt = evp_cipher_decrypt,
-    .cleanup = evp_cipher_cleanup
+        .cleanup = evp_cipher_cleanup,
-  },
+    },
-  {
+    {
-    .name = "aes256-ctr",
+        .name = "aes256-ctr",
-    .blocksize = AES_BLOCK_SIZE,
+        .blocksize = AES_BLOCK_SIZE,
-    .ciphertype = SSH_AES256_CTR,
+        .ciphertype = SSH_AES256_CTR,
-    .keysize = 256,
+        .keysize = 256,
-    .set_encrypt_key = evp_cipher_set_encrypt_key,
+        .set_encrypt_key = evp_cipher_set_encrypt_key,
-    .set_decrypt_key = evp_cipher_set_decrypt_key,
+        .set_decrypt_key = evp_cipher_set_decrypt_key,
-    .encrypt = evp_cipher_encrypt,
+        .encrypt = evp_cipher_encrypt,
-    .decrypt = evp_cipher_decrypt,
+        .decrypt = evp_cipher_decrypt,
-    .cleanup = evp_cipher_cleanup
+        .cleanup = evp_cipher_cleanup,
-  },
+    },
-  {
+    {
-    .name = "aes128-cbc",
+        .name = "aes128-cbc",
-    .blocksize = AES_BLOCK_SIZE,
+        .blocksize = AES_BLOCK_SIZE,
-    .ciphertype = SSH_AES128_CBC,
+        .ciphertype = SSH_AES128_CBC,
-    .keysize = 128,
+        .keysize = 128,
-    .set_encrypt_key = evp_cipher_set_encrypt_key,
+        .set_encrypt_key = evp_cipher_set_encrypt_key,
-    .set_decrypt_key = evp_cipher_set_decrypt_key,
+        .set_decrypt_key = evp_cipher_set_decrypt_key,
-    .encrypt = evp_cipher_encrypt,
+        .encrypt = evp_cipher_encrypt,
-    .decrypt = evp_cipher_decrypt,
+        .decrypt = evp_cipher_decrypt,
-    .cleanup = evp_cipher_cleanup
+        .cleanup = evp_cipher_cleanup,
-  },
+    },
-  {
+    {
-    .name = "aes192-cbc",
+        .name = "aes192-cbc",
-    .blocksize = AES_BLOCK_SIZE,
+        .blocksize = AES_BLOCK_SIZE,
-    .ciphertype = SSH_AES192_CBC,
+        .ciphertype = SSH_AES192_CBC,
-    .keysize = 192,
+        .keysize = 192,
-    .set_encrypt_key = evp_cipher_set_encrypt_key,
+        .set_encrypt_key = evp_cipher_set_encrypt_key,
-    .set_decrypt_key = evp_cipher_set_decrypt_key,
+        .set_decrypt_key = evp_cipher_set_decrypt_key,
-    .encrypt = evp_cipher_encrypt,
+        .encrypt = evp_cipher_encrypt,
-    .decrypt = evp_cipher_decrypt,
+        .decrypt = evp_cipher_decrypt,
-    .cleanup = evp_cipher_cleanup
+        .cleanup = evp_cipher_cleanup,
-  },
+    },
-  {
+    {
-    .name = "aes256-cbc",
+        .name = "aes256-cbc",
-    .blocksize = AES_BLOCK_SIZE,
+        .blocksize = AES_BLOCK_SIZE,
-    .ciphertype = SSH_AES256_CBC,
+        .ciphertype = SSH_AES256_CBC,
-    .keysize = 256,
+        .keysize = 256,
-    .set_encrypt_key = evp_cipher_set_encrypt_key,
+        .set_encrypt_key = evp_cipher_set_encrypt_key,
-    .set_decrypt_key = evp_cipher_set_decrypt_key,
+        .set_decrypt_key = evp_cipher_set_decrypt_key,
-    .encrypt = evp_cipher_encrypt,
+        .encrypt = evp_cipher_encrypt,
-    .decrypt = evp_cipher_decrypt,
+        .decrypt = evp_cipher_decrypt,
-    .cleanup = evp_cipher_cleanup
+        .cleanup = evp_cipher_cleanup,
-  },
+    },
-  {
+    {
-    .name = "aes128-gcm@openssh.com",
+        .name = "aes128-gcm@openssh.com",
-    .blocksize = AES_BLOCK_SIZE,
+        .blocksize = AES_BLOCK_SIZE,
-    .lenfield_blocksize = 4, /* not encrypted, but authenticated */
+        .lenfield_blocksize = 4, /* not encrypted, but authenticated */
-    .ciphertype = SSH_AEAD_AES128_GCM,
+        .ciphertype = SSH_AEAD_AES128_GCM,
-    .keysize = 128,
+        .keysize = 128,
-    .tag_size = AES_GCM_TAGLEN,
+        .tag_size = AES_GCM_TAGLEN,
-    .set_encrypt_key = evp_cipher_set_encrypt_key,
+        .set_encrypt_key = evp_cipher_set_encrypt_key,
-    .set_decrypt_key = evp_cipher_set_decrypt_key,
+        .set_decrypt_key = evp_cipher_set_decrypt_key,
-    .aead_encrypt = evp_cipher_aead_encrypt,
+        .aead_encrypt = evp_cipher_aead_encrypt,
-    .aead_decrypt_length = evp_cipher_aead_get_length,
+        .aead_decrypt_length = evp_cipher_aead_get_length,
-    .aead_decrypt = evp_cipher_aead_decrypt,
+        .aead_decrypt = evp_cipher_aead_decrypt,
-    .cleanup = evp_cipher_cleanup
+        .cleanup = evp_cipher_cleanup,
-  },
+    },
-  {
+    {
-    .name = "aes256-gcm@openssh.com",
+        .name = "aes256-gcm@openssh.com",
-    .blocksize = AES_BLOCK_SIZE,
+        .blocksize = AES_BLOCK_SIZE,
-    .lenfield_blocksize = 4, /* not encrypted, but authenticated */
+        .lenfield_blocksize = 4, /* not encrypted, but authenticated */
-    .ciphertype = SSH_AEAD_AES256_GCM,
+        .ciphertype = SSH_AEAD_AES256_GCM,
-    .keysize = 256,
+        .keysize = 256,
-    .tag_size = AES_GCM_TAGLEN,
+        .tag_size = AES_GCM_TAGLEN,
-    .set_encrypt_key = evp_cipher_set_encrypt_key,
+        .set_encrypt_key = evp_cipher_set_encrypt_key,
-    .set_decrypt_key = evp_cipher_set_decrypt_key,
+        .set_decrypt_key = evp_cipher_set_decrypt_key,
-    .aead_encrypt = evp_cipher_aead_encrypt,
+        .aead_encrypt = evp_cipher_aead_encrypt,
-    .aead_decrypt_length = evp_cipher_aead_get_length,
+        .aead_decrypt_length = evp_cipher_aead_get_length,
-    .aead_decrypt = evp_cipher_aead_decrypt,
+        .aead_decrypt = evp_cipher_aead_decrypt,
-    .cleanup = evp_cipher_cleanup
+        .cleanup = evp_cipher_cleanup,
-  },
+    },
 #endif /* HAS_AES */
 #ifdef HAS_DES
-  {
+    {
-    .name = "3des-cbc",
+        .name = "3des-cbc",
-    .blocksize = 8,
+        .blocksize = 8,
-    .ciphertype = SSH_3DES_CBC,
+        .ciphertype = SSH_3DES_CBC,
-    .keysize = 192,
+        .keysize = 192,
-    .set_encrypt_key = evp_cipher_set_encrypt_key,
+        .set_encrypt_key = evp_cipher_set_encrypt_key,
-    .set_decrypt_key = evp_cipher_set_decrypt_key,
+        .set_decrypt_key = evp_cipher_set_decrypt_key,
-    .encrypt = evp_cipher_encrypt,
+        .encrypt = evp_cipher_encrypt,
-    .decrypt = evp_cipher_decrypt,
+        .decrypt = evp_cipher_decrypt,
-    .cleanup = evp_cipher_cleanup
+        .cleanup = evp_cipher_cleanup,
-  },
+    },
 #endif /* HAS_DES */
-  {
+    {
 #ifdef HAVE_OPENSSL_EVP_CHACHA20
-    .ciphertype = SSH_AEAD_CHACHA20_POLY1305,
+        .ciphertype = SSH_AEAD_CHACHA20_POLY1305,
-    .name = "chacha20-poly1305@openssh.com",
+        .name = "chacha20-poly1305@openssh.com",
-    .blocksize = CHACHA20_BLOCKSIZE/8,
+        .blocksize = CHACHA20_BLOCKSIZE / 8,
-    .lenfield_blocksize = 4,
+        .lenfield_blocksize = 4,
-    .keylen = sizeof(struct chacha20_poly1305_keysched),
+        .keylen = sizeof(struct chacha20_poly1305_keysched),
-    .keysize = 2 * CHACHA20_KEYLEN * 8,
+        .keysize = 2 * CHACHA20_KEYLEN * 8,
-    .tag_size = POLY1305_TAGLEN,
+        .tag_size = POLY1305_TAGLEN,
-    .set_encrypt_key = chacha20_poly1305_set_key,
+        .set_encrypt_key = chacha20_poly1305_set_key,
-    .set_decrypt_key = chacha20_poly1305_set_key,
+        .set_decrypt_key = chacha20_poly1305_set_key,
-    .aead_encrypt = chacha20_poly1305_aead_encrypt,
+        .aead_encrypt = chacha20_poly1305_aead_encrypt,
-    .aead_decrypt_length = chacha20_poly1305_aead_decrypt_length,
+        .aead_decrypt_length = chacha20_poly1305_aead_decrypt_length,
-    .aead_decrypt = chacha20_poly1305_aead_decrypt,
+        .aead_decrypt = chacha20_poly1305_aead_decrypt,
-    .cleanup = chacha20_poly1305_cleanup
+        .cleanup = chacha20_poly1305_cleanup
 #else
-    .name = "chacha20-poly1305@openssh.com"
+        .name = "chacha20-poly1305@openssh.com"
 #endif /* HAVE_OPENSSL_EVP_CHACHA20 */
-  },
+    },
 #ifdef WITH_INSECURE_NONE
-  {
+    {
-    .name = "none",
+        .name = "none",
-    .blocksize = 8,
+        .blocksize = 8,
-    .keysize = 0,
+        .keysize = 0,
-    .encrypt = none_crypt,
+        .encrypt = none_crypt,
-    .decrypt = none_crypt,
+        .decrypt = none_crypt,
-  },
+    },
 #endif /* WITH_INSECURE_NONE */
-  {
+    {
-    .name = NULL
+        .name = NULL,
-  }
+    },
 };
 
 struct ssh_cipher_struct *ssh_get_ciphertab(void)
 {
-  return ssh_ciphertab;
+    return ssh_ciphertab;
 }
 
 /**
@@ -1378,19 +1396,19 @@ int ssh_crypto_init(void)
     if (libcrypto_initialized) {
         return SSH_OK;
     }
-    if (OpenSSL_version_num() != OPENSSL_VERSION_NUMBER){
+    if (OpenSSL_version_num() != OPENSSL_VERSION_NUMBER) {
-        SSH_LOG(SSH_LOG_DEBUG, "libssh compiled with %s "
+        SSH_LOG(SSH_LOG_DEBUG,
-            "headers, currently running with %s.",
+                "libssh compiled with %s "
-            OPENSSL_VERSION_TEXT,
+                "headers, currently running with %s.",
-            OpenSSL_version(OpenSSL_version_num())
+                OPENSSL_VERSION_TEXT,
-        );
+                OpenSSL_version(OpenSSL_version_num()));
     }
 #ifdef CAN_DISABLE_AESNI
     /*
      * disable AES-NI when running within Valgrind, because they generate
      * too many "uninitialized memory access" false positives
      */
-    if (RUNNING_ON_VALGRIND){
+    if (RUNNING_ON_VALGRIND) {
         SSH_LOG(SSH_LOG_INFO, "Running within Valgrind, disabling AES-NI");
         /* Bit #57 denotes AES-NI instruction set extension */
         OPENSSL_ia32cap &= ~(1LL << 57);
@@ -1453,7 +1471,8 @@ void ssh_crypto_finalize(void)
  * @internal
  * @brief Create EVP_PKEY from parameters
  *
- * @param[in] name Algorithm to use. For more info see manpage of EVP_PKEY_CTX_new_from_name
+ * @param[in] name Algorithm to use. For more info see manpage of
+ * EVP_PKEY_CTX_new_from_name
  *
  * @param[in] param_bld Constructed param builder for the pkey
  *
@@ -1463,8 +1482,10 @@ void ssh_crypto_finalize(void)
  *
  * @return 0 on success, -1 on error
  */
-int evp_build_pkey(const char* name, OSSL_PARAM_BLD *param_bld,
+int evp_build_pkey(const char *name,
-                   EVP_PKEY **pkey, int selection)
+                   OSSL_PARAM_BLD *param_bld,
+                   EVP_PKEY **pkey,
+                   int selection)
 {
     int rc;
     EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(NULL, name, NULL);
@@ -1596,8 +1617,7 @@ int evp_dup_ed25519_pkey(const ssh_key key, ssh_key new_key, int demote)
 
 #endif /* OPENSSL_VERSION_NUMBER */
 
-ssh_string
+ssh_string pki_key_make_ecpoint_string(const EC_GROUP *g, const EC_POINT *p)
-pki_key_make_ecpoint_string(const EC_GROUP *g, const EC_POINT *p)
 {
     ssh_string s = NULL;
     size_t len;

tests/pkcs11/setup-softhsm-tokens.sh

@@ -28,6 +28,9 @@ if [ ! -d "$TESTDIR/db" ]; then
 directories.tokendir = $TESTDIR/db
 objectstore.backend = file
 log.level = DEBUG
+# # The hashed ECDSA mechanisms wrongly do not support multi-part operations
+# https://github.com/softhsm/SoftHSMv2/issues/842
+slots.mechanisms = -CKM_ECDSA_SHA1,CKM_ECDSA_SHA224,CKM_ECDSA_SHA256,CKM_ECDSA_SHA384,CKM_ECDSA_SHA512
 EOF
 
     cat "$TESTDIR/softhsm.conf"