Build external override library with all symbols

The curve25519 depends on ssh_get_random, which is normally built into libssh.
For the external override tests to build, we need to have them in separate
source file that can be included for this test.

For some reason, this did not happen on CI builds, but it did happen in koji
during RPM builds.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

src/CMakeLists.txt

@@ -184,6 +184,7 @@ if (WITH_GCRYPT)
         gcrypt_missing.c
         pki_gcrypt.c
         ecdh_gcrypt.c
+        getrandom_gcrypt.c
         dh_key.c
         pki_ed25519.c
         external/ed25519.c
@@ -207,6 +208,7 @@ elseif (WITH_MBEDTLS)
         mbedcrypto_missing.c
         pki_mbedcrypto.c
         ecdh_mbedcrypto.c
+        getrandom_mbedcrypto.c
         dh_key.c
         pki_ed25519.c
         external/ed25519.c
@@ -229,6 +231,7 @@ else (WITH_GCRYPT)
         threads/libcrypto.c
         pki_crypto.c
         ecdh_crypto.c
+        getrandom_crypto.c
         libcrypto.c
         dh_crypto.c
        )

src/getrandom_crypto.c

@@ -0,0 +1,54 @@
+/*
+ * This file is part of the SSH Library
+ *
+ * Copyright (c) 2009 by Aris Adamantiadis
+ *
+ * The SSH Library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The SSH Library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the SSH Library; see the file COPYING.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#include "config.h"
+
+#include "libssh/crypto.h"
+#include <openssl/rand.h>
+
+/**
+ * @brief Get random bytes
+ *
+ * Make sure to always check the return code of this function!
+ *
+ * @param[in]  where    The buffer to fill with random bytes
+ *
+ * @param[in]  len      The size of the buffer to fill.
+ *
+ * @param[in]  strong   Use a strong or private RNG source.
+ *
+ * @return 1 on success, 0 on error.
+ */
+int
+ssh_get_random(void *where, int len, int strong)
+{
+#ifdef HAVE_OPENSSL_RAND_PRIV_BYTES
+    if (strong) {
+        /* Returns -1 when not supported, 0 on error, 1 on success */
+        return !!RAND_priv_bytes(where, len);
+    }
+#else
+    (void)strong;
+#endif /* HAVE_RAND_PRIV_BYTES */
+
+    /* Returns -1 when not supported, 0 on error, 1 on success */
+    return !!RAND_bytes(where, len);
+}

src/getrandom_gcrypt.c

@@ -0,0 +1,38 @@
+/*
+ * This file is part of the SSH Library
+ *
+ * Copyright (c) 2009 by Aris Adamantiadis
+ * Copyright (C) 2016 g10 Code GmbH
+ *
+ * The SSH Library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The SSH Library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the SSH Library; see the file COPYING.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#include "config.h"
+
+#include "libssh/crypto.h"
+#include <gcrypt.h>
+
+int
+ssh_get_random(void *where, int len, int strong)
+{
+    /* variable not used in gcrypt */
+    (void)strong;
+
+    /* not using GCRY_VERY_STRONG_RANDOM which is a bit overkill */
+    gcry_randomize(where, len, GCRY_STRONG_RANDOM);
+
+    return 1;
+}

src/getrandom_mbedcrypto.c

@@ -0,0 +1,52 @@
+/*
+ * This file is part of the SSH Library
+ *
+ * Copyright (c) 2017 Sartura d.o.o.
+ *
+ * Author: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
+ *
+ * The SSH Library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The SSH Library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the SSH Library; see the file COPYING.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#include "config.h"
+
+#include "libssh/crypto.h"
+#include "mbedcrypto-compat.h"
+
+mbedtls_ctr_drbg_context ssh_mbedtls_ctr_drbg;
+
+int
+ssh_mbedtls_random(void *where, int len, int strong)
+{
+    int rc = 0;
+    if (strong) {
+        mbedtls_ctr_drbg_set_prediction_resistance(&ssh_mbedtls_ctr_drbg,
+                                                   MBEDTLS_CTR_DRBG_PR_ON);
+        rc = mbedtls_ctr_drbg_random(&ssh_mbedtls_ctr_drbg, where, len);
+        mbedtls_ctr_drbg_set_prediction_resistance(&ssh_mbedtls_ctr_drbg,
+                                                   MBEDTLS_CTR_DRBG_PR_OFF);
+    } else {
+        rc = mbedtls_ctr_drbg_random(&ssh_mbedtls_ctr_drbg, where, len);
+    }
+
+    return !rc;
+}
+
+int
+ssh_get_random(void *where, int len, int strong)
+{
+    return ssh_mbedtls_random(where, len, strong);
+}

src/libcrypto.c

@@ -93,34 +93,6 @@ void ssh_reseed(void){
 #endif
 }
 
-/**
- * @brief Get random bytes
- *
- * Make sure to always check the return code of this function!
- *
- * @param[in]  where    The buffer to fill with random bytes
- *
- * @param[in]  len      The size of the buffer to fill.
- *
- * @param[in]  strong   Use a strong or private RNG source.
- *
- * @return 1 on success, 0 on error.
- */
-int ssh_get_random(void *where, int len, int strong)
-{
-#ifdef HAVE_OPENSSL_RAND_PRIV_BYTES
-    if (strong) {
-        /* Returns -1 when not supported, 0 on error, 1 on success */
-        return !!RAND_priv_bytes(where, len);
-    }
-#else
-    (void)strong;
-#endif /* HAVE_RAND_PRIV_BYTES */
-
-    /* Returns -1 when not supported, 0 on error, 1 on success */
-    return !!RAND_bytes(where, len);
-}
-
 SHACTX sha1_init(void)
 {
     int rc;

src/libgcrypt.c

@@ -69,17 +69,6 @@ static int alloc_key(struct ssh_cipher_struct *cipher) {
 void ssh_reseed(void){
 }
 
-int ssh_get_random(void *where, int len, int strong)
-{
-    /* variable not used in gcrypt */
-    (void) strong;
-
-    /* not using GCRY_VERY_STRONG_RANDOM which is a bit overkill */
-    gcry_randomize(where,len,GCRY_STRONG_RANDOM);
-
-    return 1;
-}
-
 SHACTX sha1_init(void) {
   SHACTX ctx = NULL;
   gcry_md_open(&ctx, GCRY_MD_SHA1, 0);

src/libmbedcrypto.c

@@ -42,7 +42,7 @@
 #endif /* MBEDTLS_GCM_C */
 
 static mbedtls_entropy_context ssh_mbedtls_entropy;
-static mbedtls_ctr_drbg_context ssh_mbedtls_ctr_drbg;
+extern mbedtls_ctr_drbg_context ssh_mbedtls_ctr_drbg;
 
 static int libmbedcrypto_initialized = 0;
 
@@ -51,11 +51,6 @@ void ssh_reseed(void)
     mbedtls_ctr_drbg_reseed(&ssh_mbedtls_ctr_drbg, NULL, 0);
 }
 
-int ssh_get_random(void *where, int len, int strong)
-{
-    return ssh_mbedtls_random(where, len, strong);
-}
-
 SHACTX sha1_init(void)
 {
     SHACTX ctx = NULL;
@@ -1438,22 +1433,6 @@ int ssh_crypto_init(void)
     return SSH_OK;
 }
 
-int ssh_mbedtls_random(void *where, int len, int strong)
-{
-    int rc = 0;
-    if (strong) {
-        mbedtls_ctr_drbg_set_prediction_resistance(&ssh_mbedtls_ctr_drbg,
-                MBEDTLS_CTR_DRBG_PR_ON);
-        rc = mbedtls_ctr_drbg_random(&ssh_mbedtls_ctr_drbg, where, len);
-        mbedtls_ctr_drbg_set_prediction_resistance(&ssh_mbedtls_ctr_drbg,
-                MBEDTLS_CTR_DRBG_PR_OFF);
-    } else {
-        rc = mbedtls_ctr_drbg_random(&ssh_mbedtls_ctr_drbg, where, len);
-    }
-
-    return !rc;
-}
-
 mbedtls_ctr_drbg_context *ssh_get_mbedtls_ctr_drbg_context(void)
 {
     return &ssh_mbedtls_ctr_drbg;

tests/external_override/CMakeLists.txt

@@ -34,14 +34,42 @@ set(ED25519_OVERRIDE_LIBRARY
 ${libssh_BINARY_DIR}/lib/${CMAKE_SHARED_LIBRARY_PREFIX}ed25519_override${CMAKE_SHARED_LIBRARY_SUFFIX})
 
 # curve25519_override
-add_library(curve25519_override SHARED
+set (curve25519_override_src
     curve25519_override.c
     ${libssh_SOURCE_DIR}/src/external/curve25519_ref.c
     ${libssh_SOURCE_DIR}/src/external/fe25519.c
     ${libssh_SOURCE_DIR}/src/external/ge25519.c
     ${libssh_SOURCE_DIR}/src/external/sc25519.c
     ${libssh_SOURCE_DIR}/src/external/ed25519.c
+)
+if (WITH_GCRYPT)
+    set (curve25519_override_src
+        ${curve25519_override_src}
+        ${libssh_SOURCE_DIR}/src/getrandom_gcrypt.c
     )
+    set(curve25519_override_libs
+        ${GCRYPT_LIBRARIES}
+    )
+elseif (WITH_MBEDTLS)
+    set (curve25519_override_src
+        ${curve25519_override_src}
+        ${libssh_SOURCE_DIR}/src/getrandom_mbedcrypto.c
+    )
+    set(curve25519_override_libs
+        ${MBEDTLS_CRYPTO_LIBRARY}
+    )
+else ()
+    set (curve25519_override_src
+        ${curve25519_override_src}
+        ${libssh_SOURCE_DIR}/src/getrandom_crypto.c
+    )
+    set(curve25519_override_libs
+        ${OPENSSL_CRYPTO_LIBRARIES}
+    )
+endif (WITH_GCRYPT)
+add_library(curve25519_override SHARED ${curve25519_override_src})
+target_link_libraries(curve25519_override
+                      PRIVATE ${curve25519_override_libs})
 set(CURVE25519_OVERRIDE_LIBRARY
 ${libssh_BINARY_DIR}/lib/${CMAKE_SHARED_LIBRARY_PREFIX}curve25519_override${CMAKE_SHARED_LIBRARY_SUFFIX})