From 20c13a2c7698d7a1924243357a02d7213ab2035c Mon Sep 17 00:00:00 2001
From: Norbert Pocs <npocs@redhat.com>
Date: Thu, 23 Jun 2022 15:47:19 +0000
Subject: [PATCH] Change const bignum to bignum

Openssl3.0 API retrieves bignum variables from a key.

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
 include/libssh/dh.h | 10 ++++++++++
 src/dh-gex.c        | 10 ++++++++++
 src/dh.c            | 20 ++++++++++++++++++++
 src/kex.c           | 40 ++++++++++++++++++++++++++++++----------
 4 files changed, 70 insertions(+), 10 deletions(-)

diff --git a/include/libssh/dh.h b/include/libssh/dh.h
index 390b30da..353dc233 100644
--- a/include/libssh/dh.h
+++ b/include/libssh/dh.h
@@ -34,14 +34,24 @@ struct dh_ctx;
 int ssh_dh_init_common(struct ssh_crypto_struct *crypto);
 void ssh_dh_cleanup(struct ssh_crypto_struct *crypto);
 
+#if !defined(HAVE_LIBCRYPTO) || OPENSSL_VERSION_NUMBER < 0x30000000L
 int ssh_dh_get_parameters(struct dh_ctx *ctx,
                           const_bignum *modulus, const_bignum *generator);
+#else
+int ssh_dh_get_parameters(struct dh_ctx *ctx,
+                          bignum *modulus, bignum *generator);
+#endif /* OPENSSL_VERSION_NUMBER */
 int ssh_dh_set_parameters(struct dh_ctx *ctx,
                           const bignum modulus, const bignum generator);
 
 int ssh_dh_keypair_gen_keys(struct dh_ctx *ctx, int peer);
+#if !defined(HAVE_LIBCRYPTO) || OPENSSL_VERSION_NUMBER < 0x30000000L
 int ssh_dh_keypair_get_keys(struct dh_ctx *ctx, int peer,
                             const_bignum *priv, const_bignum *pub);
+#else
+int ssh_dh_keypair_get_keys(struct dh_ctx *ctx, int peer,
+                            bignum *priv, bignum *pub);
+#endif /* OPENSSL_VERSION_NUMBER */
 int ssh_dh_keypair_set_keys(struct dh_ctx *ctx, int peer,
                             const bignum priv, const bignum pub);
 
diff --git a/src/dh-gex.c b/src/dh-gex.c
index 867015b6..d0d2890b 100644
--- a/src/dh-gex.c
+++ b/src/dh-gex.c
@@ -108,7 +108,11 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_group)
     bignum pmin1 = NULL, one = NULL;
     bignum_CTX ctx = bignum_ctx_new();
     bignum modulus = NULL, generator = NULL;
+#if !defined(HAVE_LIBCRYPTO) || OPENSSL_VERSION_NUMBER < 0x30000000L
     const_bignum pubkey;
+#else
+    bignum pubkey = NULL;
+#endif /* OPENSSL_VERSION_NUMBER */
     (void) type;
     (void) user;
 
@@ -212,6 +216,9 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_group)
     if (rc != SSH_OK) {
         goto error;
     }
+#if defined(HAVE_LIBCRYPTO) && OPENSSL_VERSION_NUMBER >= 0x30000000L
+    bignum_safe_free(pubkey);
+#endif /* OPENSSL_VERSION_NUMBER */
 
     session->dh_handshake_state = DH_STATE_INIT_SENT;
 
@@ -229,6 +236,9 @@ error:
     bignum_safe_free(generator);
     bignum_safe_free(one);
     bignum_safe_free(pmin1);
+#if defined(HAVE_LIBCRYPTO) && OPENSSL_VERSION_NUMBER >= 0x30000000L
+    bignum_safe_free(pubkey);
+#endif /* OPENSSL_VERSION_NUMBER */
     if(!bignum_ctx_invalid(ctx)) {
         bignum_ctx_free(ctx);
     }
diff --git a/src/dh.c b/src/dh.c
index 060d62ad..1251eb64 100644
--- a/src/dh.c
+++ b/src/dh.c
@@ -309,7 +309,11 @@ static struct ssh_packet_callbacks_struct ssh_dh_client_callbacks = {
  */
 int ssh_client_dh_init(ssh_session session){
   struct ssh_crypto_struct *crypto = session->next_crypto;
+#if !defined(HAVE_LIBCRYPTO) || OPENSSL_VERSION_NUMBER < 0x30000000L
   const_bignum pubkey;
+#else
+  bignum pubkey = NULL;
+#endif /* OPENSSL_VERSION_NUMBER */
   int rc;
 
   rc = ssh_dh_init_common(crypto);
@@ -330,6 +334,9 @@ int ssh_client_dh_init(ssh_session session){
   if (rc != SSH_OK) {
     goto error;
   }
+#if defined(HAVE_LIBCRYPTO) && OPENSSL_VERSION_NUMBER >= 0x30000000L
+  bignum_safe_free(pubkey);
+#endif
 
   /* register the packet callbacks */
   ssh_packet_set_callbacks(session, &ssh_dh_client_callbacks);
@@ -338,6 +345,9 @@ int ssh_client_dh_init(ssh_session session){
   rc = ssh_packet_send(session);
   return rc;
 error:
+#if defined(HAVE_LIBCRYPTO) && OPENSSL_VERSION_NUMBER >= 0x30000000L
+  bignum_safe_free(pubkey);
+#endif
   ssh_dh_cleanup(crypto);
   return SSH_ERROR;
 }
@@ -436,7 +446,11 @@ int ssh_server_dh_process_init(ssh_session session, ssh_buffer packet)
     ssh_string sig_blob = NULL;
     ssh_string pubkey_blob = NULL;
     bignum client_pubkey;
+#if !defined(HAVE_LIBCRYPTO) || OPENSSL_VERSION_NUMBER < 0x30000000L
     const_bignum server_pubkey;
+#else
+    bignum server_pubkey = NULL;
+#endif /* OPENSSL_VERSION_NUMBER */
     int packet_type;
     int rc;
 
@@ -516,6 +530,9 @@ int ssh_server_dh_process_init(ssh_session session, ssh_buffer packet)
                          sig_blob);
     SSH_STRING_FREE(sig_blob);
     SSH_STRING_FREE(pubkey_blob);
+#if defined(HAVE_LIBCRYPTO) && OPENSSL_VERSION_NUMBER >= 0x30000000L
+    bignum_safe_free(server_pubkey);
+#endif
     if(rc != SSH_OK) {
         ssh_set_error_oom(session);
         ssh_buffer_reinit(session->out_buffer);
@@ -541,6 +558,9 @@ int ssh_server_dh_process_init(ssh_session session, ssh_buffer packet)
 error:
     SSH_STRING_FREE(sig_blob);
     SSH_STRING_FREE(pubkey_blob);
+#if defined(HAVE_LIBCRYPTO) && OPENSSL_VERSION_NUMBER >= 0x30000000L
+    bignum_safe_free(server_pubkey);
+#endif
 
     session->session_state = SSH_SESSION_STATE_ERROR;
     ssh_dh_cleanup(session->next_crypto);
diff --git a/src/kex.c b/src/kex.c
index bd6d2664..192eb881 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -91,13 +91,13 @@
 #define ZLIB "none,zlib@openssh.com,zlib"
 #else
 #define ZLIB "none"
-#endif
+#endif /* WITH_ZLIB */
 
 #ifdef HAVE_CURVE25519
 #define CURVE25519 "curve25519-sha256,curve25519-sha256@libssh.org,"
 #else
 #define CURVE25519 ""
-#endif
+#endif /* HAVE_CURVE25519 */
 
 #ifdef HAVE_ECDH
 #define ECDH "ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,"
@@ -109,7 +109,7 @@
 #define EC_HOSTKEYS ""
 #define EC_PUBLIC_KEY_ALGORITHMS ""
 #define ECDH ""
-#endif
+#endif /* HAVE_ECDH */
 
 #ifdef HAVE_DSA
 #define DSA_HOSTKEYS ",ssh-dss"
@@ -117,13 +117,13 @@
 #else
 #define DSA_HOSTKEYS ""
 #define DSA_PUBLIC_KEY_ALGORITHMS ""
-#endif
+#endif /* HAVE_DSA */
 
 #ifdef WITH_INSECURE_NONE
 #define NONE ",none"
 #else
 #define NONE
-#endif
+#endif /* WITH_INSECURE_NONE */
 
 #define HOSTKEYS "ssh-ed25519," \
                  EC_HOSTKEYS \
@@ -990,10 +990,18 @@ int ssh_make_sessionid(ssh_session session)
     ssh_buffer client_hash = NULL;
     ssh_buffer buf = NULL;
     ssh_string server_pubkey_blob = NULL;
+#if !defined(HAVE_LIBCRYPTO) || OPENSSL_VERSION_NUMBER < 0x30000000L
     const_bignum client_pubkey, server_pubkey;
+#else
+    bignum client_pubkey = NULL, server_pubkey = NULL;
+#endif /* OPENSSL_VERSION_NUMBER */
 #ifdef WITH_GEX
+#if !defined(HAVE_LIBCRYPTO) || OPENSSL_VERSION_NUMBER < 0x30000000L
     const_bignum modulus, generator;
-#endif
+#else
+    bignum modulus = NULL, generator = NULL;
+#endif /* OPENSSL_VERSION_NUMBER */
+#endif /* WITH_GEX */
     int rc = SSH_ERROR;
 
     buf = ssh_buffer_new();
@@ -1086,6 +1094,10 @@ int ssh_make_sessionid(ssh_session session)
         if (rc != SSH_OK) {
             goto error;
         }
+#if defined(HAVE_LIBCRYPTO) && OPENSSL_VERSION_NUMBER >= 0x30000000L
+        bignum_safe_free(client_pubkey);
+        bignum_safe_free(server_pubkey);
+#endif /* OPENSSL_VERSION_NUMBER */
         break;
 #ifdef WITH_GEX
     case SSH_KEX_DH_GEX_SHA1:
@@ -1117,6 +1129,10 @@ int ssh_make_sessionid(ssh_session session)
         if (rc != SSH_OK) {
             goto error;
         }
+#if defined(HAVE_LIBCRYPTO) && OPENSSL_VERSION_NUMBER >= 0x30000000L
+        bignum_safe_free(modulus);
+        bignum_safe_free(generator);
+#endif /* OPENSSL_VERSION_NUMBER */
         break;
 #endif /* WITH_GEX */
 #ifdef HAVE_ECDH
@@ -1136,7 +1152,7 @@ int ssh_make_sessionid(ssh_session session)
             goto error;
         }
         break;
-#endif
+#endif /* HAVE_ECDH */
 #ifdef HAVE_CURVE25519
     case SSH_KEX_CURVE25519_SHA256:
     case SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG:
@@ -1151,7 +1167,7 @@ int ssh_make_sessionid(ssh_session session)
             goto error;
         }
         break;
-#endif
+#endif /* HAVE_CURVE25519 */
     }
     rc = ssh_buffer_pack(buf, "B", session->next_crypto->shared_secret);
     if (rc != SSH_OK) {
@@ -1240,7 +1256,7 @@ int ssh_make_sessionid(ssh_session session)
     SSH_LOG(SSH_LOG_DEBUG, "Session hash: \n");
     ssh_log_hexdump("secret hash", session->next_crypto->secret_hash, session->next_crypto->digest_len);
     ssh_log_hexdump("session id", session->next_crypto->session_id, session->next_crypto->session_id_len);
-#endif
+#endif /* DEBUG_CRYPTO */
 
     rc = SSH_OK;
 error:
@@ -1252,6 +1268,10 @@ error:
     session->out_hashbuf = NULL;
 
     SSH_STRING_FREE(num);
+#if defined(HAVE_LIBCRYPTO) && OPENSSL_VERSION_NUMBER >= 0x30000000L
+    bignum_safe_free(client_pubkey);
+    bignum_safe_free(server_pubkey);
+#endif /* OPENSSL_VERSION_NUMBER */
 
     return rc;
 }
@@ -1436,7 +1456,7 @@ int ssh_generate_session_keys(ssh_session session)
                    intkey_cli_to_srv_len);
     ssh_log_hexdump("Server to Client Integrity Key", intkey_srv_to_cli,
                    intkey_srv_to_cli_len);
-#endif
+#endif /* DEBUG_CRYPTO */
 
     rc = 0;
 error: