ports/libssh
ports/libssh
1
1
Форкнуть 0
Код Релизы 1 Активность

mbedtls: Use getter for ssh_mbedtls_ctr_drbg

Просмотр исходного кода 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Этот коммит содержится в:
Andreas Schneider 2018-08-20 15:56:14 +02:00
родитель 1d9f548204
Коммит 85d2c0371a
5 изменённых файлов: 62 добавлений и 25 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

3
include/libssh/libmbedcrypto.h
Просмотреть файл

@ -101,8 +101,7 @@ int ssh_mbedcry_is_bit_set(bignum num, size_t pos);
mbedtls_mpi_size(num))
#define bignum_cmp(num1, num2) mbedtls_mpi_cmp_mpi(num1, num2)
mbedtls_entropy_context ssh_mbedtls_entropy;
mbedtls_ctr_drbg_context ssh_mbedtls_ctr_drbg;
mbedtls_ctr_drbg_context *ssh_get_mbedtls_ctr_drbg_context(void);
int ssh_mbedtls_random(void *where, int len, int strong);

25
src/ecdh_mbedcrypto.c
Просмотреть файл

@ -79,9 +79,11 @@ int ssh_client_ecdh_init(ssh_session session)
goto out;
}
rc = mbedtls_ecp_gen_keypair(&grp, &session->next_crypto->ecdh_privkey->d,
&session->next_crypto->ecdh_privkey->Q, mbedtls_ctr_drbg_random,
&ssh_mbedtls_ctr_drbg);
rc = mbedtls_ecp_gen_keypair(&grp,
&session->next_crypto->ecdh_privkey->d,
&session->next_crypto->ecdh_privkey->Q,
mbedtls_ctr_drbg_random,
ssh_get_mbedtls_ctr_drbg_context());
if (rc != 0) {
rc = SSH_ERROR;
@ -157,9 +159,12 @@ int ecdh_build_k(ssh_session session)
mbedtls_mpi_init(session->next_crypto->k);
rc = mbedtls_ecdh_compute_shared(&grp, session->next_crypto->k, &pubkey,
&session->next_crypto->ecdh_privkey->d, mbedtls_ctr_drbg_random,
&ssh_mbedtls_ctr_drbg);
rc = mbedtls_ecdh_compute_shared(&grp,
session->next_crypto->k,
&pubkey,
&session->next_crypto->ecdh_privkey->d,
mbedtls_ctr_drbg_random,
ssh_get_mbedtls_ctr_drbg_context());
if (rc != 0) {
rc = SSH_ERROR;
goto out;
@ -213,9 +218,11 @@ int ssh_server_ecdh_init(ssh_session session, ssh_buffer packet)
goto out;
}
rc = mbedtls_ecp_gen_keypair(&grp, &session->next_crypto->ecdh_privkey->d,
&session->next_crypto->ecdh_privkey->Q, mbedtls_ctr_drbg_random,
&ssh_mbedtls_ctr_drbg);
rc = mbedtls_ecp_gen_keypair(&grp,
&session->next_crypto->ecdh_privkey->d,
&session->next_crypto->ecdh_privkey->Q,
mbedtls_ctr_drbg_random,
ssh_get_mbedtls_ctr_drbg_context());
if (rc != 0) {
rc = SSH_ERROR;
goto out;

8
src/libmbedcrypto.c
Просмотреть файл

@ -30,6 +30,9 @@
#ifdef HAVE_LIBMBEDCRYPTO
#include <mbedtls/md.h>
static mbedtls_entropy_context ssh_mbedtls_entropy;
static mbedtls_ctr_drbg_context ssh_mbedtls_ctr_drbg;
struct ssh_mac_ctx_struct {
enum ssh_mac_e mac_type;
mbedtls_md_context_t ctx;
@ -999,6 +1002,11 @@ int ssh_mbedtls_random(void *where, int len, int strong)
return !rc;
}
mbedtls_ctr_drbg_context *ssh_get_mbedtls_ctr_drbg_context(void)
{
return &ssh_mbedtls_ctr_drbg;
}
void ssh_crypto_finalize(void)
{
if (!libmbedcrypto_initialized) {

6
src/mbedcrypto_missing.c
Просмотреть файл

@ -81,8 +81,10 @@ int ssh_mbedcry_rand(bignum rnd, int bits, int top, int bottom)
}
len = bits / 8 + 1;
rc = mbedtls_mpi_fill_random(rnd, len, mbedtls_ctr_drbg_random,
&ssh_mbedtls_ctr_drbg);
rc = mbedtls_mpi_fill_random(rnd,
len,
mbedtls_ctr_drbg_random,
ssh_get_mbedtls_ctr_drbg_context());
if (rc != 0) {
return 0;
}

45
src/pki_mbedcrypto.c
Просмотреть файл

@ -398,8 +398,11 @@ int pki_key_generate_rsa(ssh_key key, int parameter)
}
if (mbedtls_pk_can_do(key->rsa, MBEDTLS_PK_RSA)) {
rc = mbedtls_rsa_gen_key(mbedtls_pk_rsa(*key->rsa), mbedtls_ctr_drbg_random,
&ssh_mbedtls_ctr_drbg, parameter, 65537);
rc = mbedtls_rsa_gen_key(mbedtls_pk_rsa(*key->rsa),
mbedtls_ctr_drbg_random,
ssh_get_mbedtls_ctr_drbg_context(),
parameter,
65537);
if (rc != 0) {
mbedtls_pk_free(key->rsa);
return SSH_ERROR;
@ -980,8 +983,14 @@ static ssh_string rsa_do_sign(const unsigned char *digest, int dlen,
return NULL;
}
ok = mbedtls_pk_sign(privkey, MBEDTLS_MD_SHA1, digest, dlen, sig, &slen,
mbedtls_ctr_drbg_random, &ssh_mbedtls_ctr_drbg);
ok = mbedtls_pk_sign(privkey,
MBEDTLS_MD_SHA1,
digest,
dlen,
sig,
&slen,
mbedtls_ctr_drbg_random,
ssh_get_mbedtls_ctr_drbg_context());
if (ok != 0) {
SAFE_FREE(sig);
@ -1036,9 +1045,14 @@ ssh_signature pki_do_sign(const ssh_key privkey, const unsigned char *hash,
return NULL;
}
rc = mbedtls_ecdsa_sign(&privkey->ecdsa->grp, sig->ecdsa_sig.r,
sig->ecdsa_sig.s, &privkey->ecdsa->d, hash, hlen,
mbedtls_ctr_drbg_random, &ssh_mbedtls_ctr_drbg);
rc = mbedtls_ecdsa_sign(&privkey->ecdsa->grp,
sig->ecdsa_sig.r,
sig->ecdsa_sig.s,
&privkey->ecdsa->d,
hash,
hlen,
mbedtls_ctr_drbg_random,
ssh_get_mbedtls_ctr_drbg_context());
if (rc != 0) {
ssh_signature_free(sig);
return NULL;
@ -1094,9 +1108,14 @@ ssh_signature pki_do_sign_sessionid(const ssh_key key, const unsigned char
return NULL;
}
rc = mbedtls_ecdsa_sign(&key->ecdsa->grp, sig->ecdsa_sig.r,
sig->ecdsa_sig.s, &key->ecdsa->d, hash, hlen,
mbedtls_ctr_drbg_random, &ssh_mbedtls_ctr_drbg);
rc = mbedtls_ecdsa_sign(&key->ecdsa->grp,
sig->ecdsa_sig.r,
sig->ecdsa_sig.s,
&key->ecdsa->d,
hash,
hlen,
mbedtls_ctr_drbg_random,
ssh_get_mbedtls_ctr_drbg_context());
if (rc != 0) {
ssh_signature_free(sig);
return NULL;
@ -1247,8 +1266,10 @@ int pki_key_generate_ecdsa(ssh_key key, int parameter)
mbedtls_ecdsa_init(key->ecdsa);
ok = mbedtls_ecdsa_genkey(key->ecdsa, pki_key_ecdsa_nid_to_mbed_gid(nid),
mbedtls_ctr_drbg_random, &ssh_mbedtls_ctr_drbg);
ok = mbedtls_ecdsa_genkey(key->ecdsa,
pki_key_ecdsa_nid_to_mbed_gid(nid),
mbedtls_ctr_drbg_random,
ssh_get_mbedtls_ctr_drbg_context());
if (ok != 0) {
mbedtls_ecdsa_free(key->ecdsa);