1
1

Build external override library with all symbols

The curve25519 depends on ssh_get_random, which is normally built into libssh.
For the external override tests to build, we need to have them in separate
source file that can be included for this test.

For some reason, this did not happen on CI builds, but it did happen in koji
during RPM builds.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Этот коммит содержится в:
Jakub Jelen 2022-07-13 11:42:39 +02:00 коммит произвёл Andreas Schneider
родитель b42e9a19a3
Коммит 0da54f2908
8 изменённых файлов: 184 добавлений и 69 удалений

Просмотреть файл

@ -184,6 +184,7 @@ if (WITH_GCRYPT)
gcrypt_missing.c
pki_gcrypt.c
ecdh_gcrypt.c
getrandom_gcrypt.c
dh_key.c
pki_ed25519.c
external/ed25519.c
@ -207,6 +208,7 @@ elseif (WITH_MBEDTLS)
mbedcrypto_missing.c
pki_mbedcrypto.c
ecdh_mbedcrypto.c
getrandom_mbedcrypto.c
dh_key.c
pki_ed25519.c
external/ed25519.c
@ -229,6 +231,7 @@ else (WITH_GCRYPT)
threads/libcrypto.c
pki_crypto.c
ecdh_crypto.c
getrandom_crypto.c
libcrypto.c
dh_crypto.c
)

54
src/getrandom_crypto.c Обычный файл
Просмотреть файл

@ -0,0 +1,54 @@
/*
* This file is part of the SSH Library
*
* Copyright (c) 2009 by Aris Adamantiadis
*
* The SSH Library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The SSH Library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the SSH Library; see the file COPYING. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#include "config.h"
#include "libssh/crypto.h"
#include <openssl/rand.h>
/**
* @brief Get random bytes
*
* Make sure to always check the return code of this function!
*
* @param[in] where The buffer to fill with random bytes
*
* @param[in] len The size of the buffer to fill.
*
* @param[in] strong Use a strong or private RNG source.
*
* @return 1 on success, 0 on error.
*/
int
ssh_get_random(void *where, int len, int strong)
{
#ifdef HAVE_OPENSSL_RAND_PRIV_BYTES
if (strong) {
/* Returns -1 when not supported, 0 on error, 1 on success */
return !!RAND_priv_bytes(where, len);
}
#else
(void)strong;
#endif /* HAVE_RAND_PRIV_BYTES */
/* Returns -1 when not supported, 0 on error, 1 on success */
return !!RAND_bytes(where, len);
}

38
src/getrandom_gcrypt.c Обычный файл
Просмотреть файл

@ -0,0 +1,38 @@
/*
* This file is part of the SSH Library
*
* Copyright (c) 2009 by Aris Adamantiadis
* Copyright (C) 2016 g10 Code GmbH
*
* The SSH Library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The SSH Library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the SSH Library; see the file COPYING. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#include "config.h"
#include "libssh/crypto.h"
#include <gcrypt.h>
int
ssh_get_random(void *where, int len, int strong)
{
/* variable not used in gcrypt */
(void)strong;
/* not using GCRY_VERY_STRONG_RANDOM which is a bit overkill */
gcry_randomize(where, len, GCRY_STRONG_RANDOM);
return 1;
}

52
src/getrandom_mbedcrypto.c Обычный файл
Просмотреть файл

@ -0,0 +1,52 @@
/*
* This file is part of the SSH Library
*
* Copyright (c) 2017 Sartura d.o.o.
*
* Author: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
*
* The SSH Library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The SSH Library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the SSH Library; see the file COPYING. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#include "config.h"
#include "libssh/crypto.h"
#include "mbedcrypto-compat.h"
mbedtls_ctr_drbg_context ssh_mbedtls_ctr_drbg;
int
ssh_mbedtls_random(void *where, int len, int strong)
{
int rc = 0;
if (strong) {
mbedtls_ctr_drbg_set_prediction_resistance(&ssh_mbedtls_ctr_drbg,
MBEDTLS_CTR_DRBG_PR_ON);
rc = mbedtls_ctr_drbg_random(&ssh_mbedtls_ctr_drbg, where, len);
mbedtls_ctr_drbg_set_prediction_resistance(&ssh_mbedtls_ctr_drbg,
MBEDTLS_CTR_DRBG_PR_OFF);
} else {
rc = mbedtls_ctr_drbg_random(&ssh_mbedtls_ctr_drbg, where, len);
}
return !rc;
}
int
ssh_get_random(void *where, int len, int strong)
{
return ssh_mbedtls_random(where, len, strong);
}

Просмотреть файл

@ -93,34 +93,6 @@ void ssh_reseed(void){
#endif
}
/**
* @brief Get random bytes
*
* Make sure to always check the return code of this function!
*
* @param[in] where The buffer to fill with random bytes
*
* @param[in] len The size of the buffer to fill.
*
* @param[in] strong Use a strong or private RNG source.
*
* @return 1 on success, 0 on error.
*/
int ssh_get_random(void *where, int len, int strong)
{
#ifdef HAVE_OPENSSL_RAND_PRIV_BYTES
if (strong) {
/* Returns -1 when not supported, 0 on error, 1 on success */
return !!RAND_priv_bytes(where, len);
}
#else
(void)strong;
#endif /* HAVE_RAND_PRIV_BYTES */
/* Returns -1 when not supported, 0 on error, 1 on success */
return !!RAND_bytes(where, len);
}
SHACTX sha1_init(void)
{
int rc;

Просмотреть файл

@ -69,17 +69,6 @@ static int alloc_key(struct ssh_cipher_struct *cipher) {
void ssh_reseed(void){
}
int ssh_get_random(void *where, int len, int strong)
{
/* variable not used in gcrypt */
(void) strong;
/* not using GCRY_VERY_STRONG_RANDOM which is a bit overkill */
gcry_randomize(where,len,GCRY_STRONG_RANDOM);
return 1;
}
SHACTX sha1_init(void) {
SHACTX ctx = NULL;
gcry_md_open(&ctx, GCRY_MD_SHA1, 0);

Просмотреть файл

@ -42,7 +42,7 @@
#endif /* MBEDTLS_GCM_C */
static mbedtls_entropy_context ssh_mbedtls_entropy;
static mbedtls_ctr_drbg_context ssh_mbedtls_ctr_drbg;
extern mbedtls_ctr_drbg_context ssh_mbedtls_ctr_drbg;
static int libmbedcrypto_initialized = 0;
@ -51,11 +51,6 @@ void ssh_reseed(void)
mbedtls_ctr_drbg_reseed(&ssh_mbedtls_ctr_drbg, NULL, 0);
}
int ssh_get_random(void *where, int len, int strong)
{
return ssh_mbedtls_random(where, len, strong);
}
SHACTX sha1_init(void)
{
SHACTX ctx = NULL;
@ -1438,22 +1433,6 @@ int ssh_crypto_init(void)
return SSH_OK;
}
int ssh_mbedtls_random(void *where, int len, int strong)
{
int rc = 0;
if (strong) {
mbedtls_ctr_drbg_set_prediction_resistance(&ssh_mbedtls_ctr_drbg,
MBEDTLS_CTR_DRBG_PR_ON);
rc = mbedtls_ctr_drbg_random(&ssh_mbedtls_ctr_drbg, where, len);
mbedtls_ctr_drbg_set_prediction_resistance(&ssh_mbedtls_ctr_drbg,
MBEDTLS_CTR_DRBG_PR_OFF);
} else {
rc = mbedtls_ctr_drbg_random(&ssh_mbedtls_ctr_drbg, where, len);
}
return !rc;
}
mbedtls_ctr_drbg_context *ssh_get_mbedtls_ctr_drbg_context(void)
{
return &ssh_mbedtls_ctr_drbg;

Просмотреть файл

@ -34,14 +34,42 @@ set(ED25519_OVERRIDE_LIBRARY
${libssh_BINARY_DIR}/lib/${CMAKE_SHARED_LIBRARY_PREFIX}ed25519_override${CMAKE_SHARED_LIBRARY_SUFFIX})
# curve25519_override
add_library(curve25519_override SHARED
set (curve25519_override_src
curve25519_override.c
${libssh_SOURCE_DIR}/src/external/curve25519_ref.c
${libssh_SOURCE_DIR}/src/external/fe25519.c
${libssh_SOURCE_DIR}/src/external/ge25519.c
${libssh_SOURCE_DIR}/src/external/sc25519.c
${libssh_SOURCE_DIR}/src/external/ed25519.c
)
if (WITH_GCRYPT)
set (curve25519_override_src
${curve25519_override_src}
${libssh_SOURCE_DIR}/src/getrandom_gcrypt.c
)
set(curve25519_override_libs
${GCRYPT_LIBRARIES}
)
elseif (WITH_MBEDTLS)
set (curve25519_override_src
${curve25519_override_src}
${libssh_SOURCE_DIR}/src/getrandom_mbedcrypto.c
)
set(curve25519_override_libs
${MBEDTLS_CRYPTO_LIBRARY}
)
else ()
set (curve25519_override_src
${curve25519_override_src}
${libssh_SOURCE_DIR}/src/getrandom_crypto.c
)
set(curve25519_override_libs
${OPENSSL_CRYPTO_LIBRARIES}
)
endif (WITH_GCRYPT)
add_library(curve25519_override SHARED ${curve25519_override_src})
target_link_libraries(curve25519_override
PRIVATE ${curve25519_override_libs})
set(CURVE25519_OVERRIDE_LIBRARY
${libssh_BINARY_DIR}/lib/${CMAKE_SHARED_LIBRARY_PREFIX}curve25519_override${CMAKE_SHARED_LIBRARY_SUFFIX})