ports/libssh
ports/libssh
1
1
Форкнуть 0
Код Релизы 1 Активность

Change const bignum to bignum

Просмотр исходного кода 
Openssl3.0 API retrieves bignum variables from a key.

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Этот коммит содержится в:
Norbert Pocs 2022-06-23 15:47:19 +00:00 коммит произвёл Andreas Schneider
родитель a9dddd89aa
Коммит 20c13a2c76
4 изменённых файлов: 70 добавлений и 10 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

10
include/libssh/dh.h
Просмотреть файл

@ -34,14 +34,24 @@ struct dh_ctx;
int ssh_dh_init_common(struct ssh_crypto_struct *crypto); int ssh_dh_init_common(struct ssh_crypto_struct *crypto);
void ssh_dh_cleanup(struct ssh_crypto_struct *crypto); void ssh_dh_cleanup(struct ssh_crypto_struct *crypto);
#if !defined(HAVE_LIBCRYPTO) || OPENSSL_VERSION_NUMBER < 0x30000000L
int ssh_dh_get_parameters(struct dh_ctx *ctx, int ssh_dh_get_parameters(struct dh_ctx *ctx,
const_bignum *modulus, const_bignum *generator); const_bignum *modulus, const_bignum *generator);
#else
int ssh_dh_get_parameters(struct dh_ctx *ctx,
bignum *modulus, bignum *generator);
#endif /* OPENSSL_VERSION_NUMBER */
int ssh_dh_set_parameters(struct dh_ctx *ctx, int ssh_dh_set_parameters(struct dh_ctx *ctx,
const bignum modulus, const bignum generator); const bignum modulus, const bignum generator);
int ssh_dh_keypair_gen_keys(struct dh_ctx *ctx, int peer); int ssh_dh_keypair_gen_keys(struct dh_ctx *ctx, int peer);
#if !defined(HAVE_LIBCRYPTO) || OPENSSL_VERSION_NUMBER < 0x30000000L
int ssh_dh_keypair_get_keys(struct dh_ctx *ctx, int peer, int ssh_dh_keypair_get_keys(struct dh_ctx *ctx, int peer,
const_bignum *priv, const_bignum *pub); const_bignum *priv, const_bignum *pub);
#else
int ssh_dh_keypair_get_keys(struct dh_ctx *ctx, int peer,
bignum *priv, bignum *pub);
#endif /* OPENSSL_VERSION_NUMBER */
int ssh_dh_keypair_set_keys(struct dh_ctx *ctx, int peer, int ssh_dh_keypair_set_keys(struct dh_ctx *ctx, int peer,
const bignum priv, const bignum pub); const bignum priv, const bignum pub);

10
src/dh-gex.c
Просмотреть файл

@ -108,7 +108,11 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_group)
bignum pmin1 = NULL, one = NULL; bignum pmin1 = NULL, one = NULL;
bignum_CTX ctx = bignum_ctx_new(); bignum_CTX ctx = bignum_ctx_new();
bignum modulus = NULL, generator = NULL; bignum modulus = NULL, generator = NULL;
#if !defined(HAVE_LIBCRYPTO) || OPENSSL_VERSION_NUMBER < 0x30000000L
const_bignum pubkey; const_bignum pubkey;
#else
bignum pubkey = NULL;
#endif /* OPENSSL_VERSION_NUMBER */
(void) type; (void) type;
(void) user; (void) user;
@ -212,6 +216,9 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_group)
if (rc != SSH_OK) { if (rc != SSH_OK) {
goto error; goto error;
} }
#if defined(HAVE_LIBCRYPTO) && OPENSSL_VERSION_NUMBER >= 0x30000000L
bignum_safe_free(pubkey);
#endif /* OPENSSL_VERSION_NUMBER */
session->dh_handshake_state = DH_STATE_INIT_SENT; session->dh_handshake_state = DH_STATE_INIT_SENT;
@ -229,6 +236,9 @@ error:
bignum_safe_free(generator); bignum_safe_free(generator);
bignum_safe_free(one); bignum_safe_free(one);
bignum_safe_free(pmin1); bignum_safe_free(pmin1);
#if defined(HAVE_LIBCRYPTO) && OPENSSL_VERSION_NUMBER >= 0x30000000L
bignum_safe_free(pubkey);
#endif /* OPENSSL_VERSION_NUMBER */
if(!bignum_ctx_invalid(ctx)) { if(!bignum_ctx_invalid(ctx)) {
bignum_ctx_free(ctx); bignum_ctx_free(ctx);
} }

20
src/dh.c
Просмотреть файл

@ -309,7 +309,11 @@ static struct ssh_packet_callbacks_struct ssh_dh_client_callbacks = {
*/ */
int ssh_client_dh_init(ssh_session session){ int ssh_client_dh_init(ssh_session session){
struct ssh_crypto_struct *crypto = session->next_crypto; struct ssh_crypto_struct *crypto = session->next_crypto;
#if !defined(HAVE_LIBCRYPTO) || OPENSSL_VERSION_NUMBER < 0x30000000L
const_bignum pubkey; const_bignum pubkey;
#else
bignum pubkey = NULL;
#endif /* OPENSSL_VERSION_NUMBER */
int rc; int rc;
rc = ssh_dh_init_common(crypto); rc = ssh_dh_init_common(crypto);
@ -330,6 +334,9 @@ int ssh_client_dh_init(ssh_session session){
if (rc != SSH_OK) { if (rc != SSH_OK) {
goto error; goto error;
} }
#if defined(HAVE_LIBCRYPTO) && OPENSSL_VERSION_NUMBER >= 0x30000000L
bignum_safe_free(pubkey);
#endif
/* register the packet callbacks */ /* register the packet callbacks */
ssh_packet_set_callbacks(session, &ssh_dh_client_callbacks); ssh_packet_set_callbacks(session, &ssh_dh_client_callbacks);
@ -338,6 +345,9 @@ int ssh_client_dh_init(ssh_session session){
rc = ssh_packet_send(session); rc = ssh_packet_send(session);
return rc; return rc;
error: error:
#if defined(HAVE_LIBCRYPTO) && OPENSSL_VERSION_NUMBER >= 0x30000000L
bignum_safe_free(pubkey);
#endif
ssh_dh_cleanup(crypto); ssh_dh_cleanup(crypto);
return SSH_ERROR; return SSH_ERROR;
} }
@ -436,7 +446,11 @@ int ssh_server_dh_process_init(ssh_session session, ssh_buffer packet)
ssh_string sig_blob = NULL; ssh_string sig_blob = NULL;
ssh_string pubkey_blob = NULL; ssh_string pubkey_blob = NULL;
bignum client_pubkey; bignum client_pubkey;
#if !defined(HAVE_LIBCRYPTO) || OPENSSL_VERSION_NUMBER < 0x30000000L
const_bignum server_pubkey; const_bignum server_pubkey;
#else
bignum server_pubkey = NULL;
#endif /* OPENSSL_VERSION_NUMBER */
int packet_type; int packet_type;
int rc; int rc;
@ -516,6 +530,9 @@ int ssh_server_dh_process_init(ssh_session session, ssh_buffer packet)
sig_blob); sig_blob);
SSH_STRING_FREE(sig_blob); SSH_STRING_FREE(sig_blob);
SSH_STRING_FREE(pubkey_blob); SSH_STRING_FREE(pubkey_blob);
#if defined(HAVE_LIBCRYPTO) && OPENSSL_VERSION_NUMBER >= 0x30000000L
bignum_safe_free(server_pubkey);
#endif
if(rc != SSH_OK) { if(rc != SSH_OK) {
ssh_set_error_oom(session); ssh_set_error_oom(session);
ssh_buffer_reinit(session->out_buffer); ssh_buffer_reinit(session->out_buffer);
@ -541,6 +558,9 @@ int ssh_server_dh_process_init(ssh_session session, ssh_buffer packet)
error: error:
SSH_STRING_FREE(sig_blob); SSH_STRING_FREE(sig_blob);
SSH_STRING_FREE(pubkey_blob); SSH_STRING_FREE(pubkey_blob);
#if defined(HAVE_LIBCRYPTO) && OPENSSL_VERSION_NUMBER >= 0x30000000L
bignum_safe_free(server_pubkey);
#endif
session->session_state = SSH_SESSION_STATE_ERROR; session->session_state = SSH_SESSION_STATE_ERROR;
ssh_dh_cleanup(session->next_crypto); ssh_dh_cleanup(session->next_crypto);

40
src/kex.c
Просмотреть файл

@ -91,13 +91,13 @@
#define ZLIB "none,zlib@openssh.com,zlib" #define ZLIB "none,zlib@openssh.com,zlib"
#else #else
#define ZLIB "none" #define ZLIB "none"
#endif #endif /* WITH_ZLIB */
#ifdef HAVE_CURVE25519 #ifdef HAVE_CURVE25519
#define CURVE25519 "curve25519-sha256,curve25519-sha256@libssh.org," #define CURVE25519 "curve25519-sha256,curve25519-sha256@libssh.org,"
#else #else
#define CURVE25519 "" #define CURVE25519 ""
#endif #endif /* HAVE_CURVE25519 */
#ifdef HAVE_ECDH #ifdef HAVE_ECDH
#define ECDH "ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521," #define ECDH "ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,"
@ -109,7 +109,7 @@
#define EC_HOSTKEYS "" #define EC_HOSTKEYS ""
#define EC_PUBLIC_KEY_ALGORITHMS "" #define EC_PUBLIC_KEY_ALGORITHMS ""
#define ECDH "" #define ECDH ""
#endif #endif /* HAVE_ECDH */
#ifdef HAVE_DSA #ifdef HAVE_DSA
#define DSA_HOSTKEYS ",ssh-dss" #define DSA_HOSTKEYS ",ssh-dss"
@ -117,13 +117,13 @@
#else #else
#define DSA_HOSTKEYS "" #define DSA_HOSTKEYS ""
#define DSA_PUBLIC_KEY_ALGORITHMS "" #define DSA_PUBLIC_KEY_ALGORITHMS ""
#endif #endif /* HAVE_DSA */
#ifdef WITH_INSECURE_NONE #ifdef WITH_INSECURE_NONE
#define NONE ",none" #define NONE ",none"
#else #else
#define NONE #define NONE
#endif #endif /* WITH_INSECURE_NONE */
#define HOSTKEYS "ssh-ed25519," \ #define HOSTKEYS "ssh-ed25519," \
EC_HOSTKEYS \ EC_HOSTKEYS \
@ -990,10 +990,18 @@ int ssh_make_sessionid(ssh_session session)
ssh_buffer client_hash = NULL; ssh_buffer client_hash = NULL;
ssh_buffer buf = NULL; ssh_buffer buf = NULL;
ssh_string server_pubkey_blob = NULL; ssh_string server_pubkey_blob = NULL;
#if !defined(HAVE_LIBCRYPTO) || OPENSSL_VERSION_NUMBER < 0x30000000L
const_bignum client_pubkey, server_pubkey; const_bignum client_pubkey, server_pubkey;
#else
bignum client_pubkey = NULL, server_pubkey = NULL;
#endif /* OPENSSL_VERSION_NUMBER */
#ifdef WITH_GEX #ifdef WITH_GEX
#if !defined(HAVE_LIBCRYPTO) || OPENSSL_VERSION_NUMBER < 0x30000000L
const_bignum modulus, generator; const_bignum modulus, generator;
#endif #else
bignum modulus = NULL, generator = NULL;
#endif /* OPENSSL_VERSION_NUMBER */
#endif /* WITH_GEX */
int rc = SSH_ERROR; int rc = SSH_ERROR;
buf = ssh_buffer_new(); buf = ssh_buffer_new();
@ -1086,6 +1094,10 @@ int ssh_make_sessionid(ssh_session session)
if (rc != SSH_OK) { if (rc != SSH_OK) {
goto error; goto error;
} }
#if defined(HAVE_LIBCRYPTO) && OPENSSL_VERSION_NUMBER >= 0x30000000L
bignum_safe_free(client_pubkey);
bignum_safe_free(server_pubkey);
#endif /* OPENSSL_VERSION_NUMBER */
break; break;
#ifdef WITH_GEX #ifdef WITH_GEX
case SSH_KEX_DH_GEX_SHA1: case SSH_KEX_DH_GEX_SHA1:
@ -1117,6 +1129,10 @@ int ssh_make_sessionid(ssh_session session)
if (rc != SSH_OK) { if (rc != SSH_OK) {
goto error; goto error;
} }
#if defined(HAVE_LIBCRYPTO) && OPENSSL_VERSION_NUMBER >= 0x30000000L
bignum_safe_free(modulus);
bignum_safe_free(generator);
#endif /* OPENSSL_VERSION_NUMBER */
break; break;
#endif /* WITH_GEX */ #endif /* WITH_GEX */
#ifdef HAVE_ECDH #ifdef HAVE_ECDH
@ -1136,7 +1152,7 @@ int ssh_make_sessionid(ssh_session session)
goto error; goto error;
} }
break; break;
#endif #endif /* HAVE_ECDH */
#ifdef HAVE_CURVE25519 #ifdef HAVE_CURVE25519
case SSH_KEX_CURVE25519_SHA256: case SSH_KEX_CURVE25519_SHA256:
case SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG: case SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG:
@ -1151,7 +1167,7 @@ int ssh_make_sessionid(ssh_session session)
goto error; goto error;
} }
break; break;
#endif #endif /* HAVE_CURVE25519 */
} }
rc = ssh_buffer_pack(buf, "B", session->next_crypto->shared_secret); rc = ssh_buffer_pack(buf, "B", session->next_crypto->shared_secret);
if (rc != SSH_OK) { if (rc != SSH_OK) {
@ -1240,7 +1256,7 @@ int ssh_make_sessionid(ssh_session session)
SSH_LOG(SSH_LOG_DEBUG, "Session hash: \n"); SSH_LOG(SSH_LOG_DEBUG, "Session hash: \n");
ssh_log_hexdump("secret hash", session->next_crypto->secret_hash, session->next_crypto->digest_len); ssh_log_hexdump("secret hash", session->next_crypto->secret_hash, session->next_crypto->digest_len);
ssh_log_hexdump("session id", session->next_crypto->session_id, session->next_crypto->session_id_len); ssh_log_hexdump("session id", session->next_crypto->session_id, session->next_crypto->session_id_len);
#endif #endif /* DEBUG_CRYPTO */
rc = SSH_OK; rc = SSH_OK;
error: error:
@ -1252,6 +1268,10 @@ error:
session->out_hashbuf = NULL; session->out_hashbuf = NULL;
SSH_STRING_FREE(num); SSH_STRING_FREE(num);
#if defined(HAVE_LIBCRYPTO) && OPENSSL_VERSION_NUMBER >= 0x30000000L
bignum_safe_free(client_pubkey);
bignum_safe_free(server_pubkey);
#endif /* OPENSSL_VERSION_NUMBER */
return rc; return rc;
} }
@ -1436,7 +1456,7 @@ int ssh_generate_session_keys(ssh_session session)
intkey_cli_to_srv_len); intkey_cli_to_srv_len);
ssh_log_hexdump("Server to Client Integrity Key", intkey_srv_to_cli, ssh_log_hexdump("Server to Client Integrity Key", intkey_srv_to_cli,
intkey_srv_to_cli_len); intkey_srv_to_cli_len);
#endif #endif /* DEBUG_CRYPTO */
rc = 0; rc = 0;
error: error: