This adds a cmake module, FindABIMap, which looks for abimap and
provides functions to generate a symbol version linker script.
The module can be included using find_package(ABIMap).
This also adds the option to compile with symbol versioning. The symbol
list is obtained from the header files by filtering those marked with
the LIBSSH_API modifier.
Such symbols are used as input to generate the version script used by
the linker. The version script is automatically updated as new symbols
marked with LIBSSH_API are added to the header files.
If any symbol is removed, the build will fail due to break in the ABI.
Symbol versioning is enabled by default if abimap has been found. It is
disabled in non-UNIX platforms. It can be disabled by passing
"-DWITH_SYMBOL_VERSIONING=OFF" option to cmake.
Pair-Programmed-With: Andreas Schneider <asn@cryptomilk.org>
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
When errors occurred, the session auth state was not being updated,
leading to failures due to the wrong state in following authentication
methods.
Fixes T56
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This can help when debugging in the future
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Since the call is made automatically when the library is loaded, these
calls are no longer required (if the library is not linked statically).
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Run the tests from torture_pki_rsa.c on threads. Tests requiring files
to be removed are not tested, since they would require the access to
the files to be synchronized.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Added Windows threads implementation based on CriticalSection.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This makes unnecessary to call ssh_init() when the library is
dynamically loaded. Also removes the threads shared library. The used
threads implementation is chosen in configuration time, changing the
ssh_threads_get_default() depending on the available threads library.
Internally, it is expected a threads implementation providing:
- void ssh_mutex_lock(void **mutex);
- void ssh_mutex_unlock(void **mutex);
- struct ssh_threads_callbacks_struct *ssh_threads_get_default(void);
and a crypto implementation providing:
- int crypto_thread_init(struct ssh_threads_callbacks_struct *user_callbacks);
- void crypto_thread_finalize(void);
This adds internal threads implementation for pthreads and noop.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Previously, the support was only partial and if the ed25519 key was
the only one, the internal checks were failing the tests.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Add a small helper for ssh_buffer to ensure that the buffer has a
certain amount of space already preallocated. This can be useful in case
it is known how much data is going to be added to a buffer, to avoid
multiple reallocations.
Make use of it in few places in the library.
Signed-off-by: Pino Toscano <ptoscano@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
torture_connect_double test case used to test the connect only up
to key exchange phase, but not after the new keys are stated to be
used for communication. The keys from previous connectoin were not
cleaned up from the previous invocation as well as the seqence
number was not reset and therefore any further packet was failing
with length-check errors or MAC errors.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Fix the build for mbedTLS:
* set HAVE_CHACHA for non-mbedTLS builds
* only compile chachapoly.c when HAVE_CHACHA
* use empty CHACHA20 in src/kex.c unless HAVE_CHACHA
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
In 06b9901e64, invocations of `set_decrypt_key`
and `set_encrypt_key` were moved into the `ssh_packet_newkeys` callback, away
from the packet decrypt and encrypt functions.
Remove the extra `set_decrypt_key` for the case that an `aead_decrypt_length`
is not NULL. At this time, only the chacha20-poly1305@openssh.com cipher
is affected by this change.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
