ports/libssh
ports/libssh
1
1
Форкнуть 0
Код Релизы 1 Активность

bignum: harmonize gcrypt, libcrypto and libmcrypt bignum

Просмотр исходного кода 
Ensure most of the abstraction around the 3 libs are consistent.

Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Этот коммит содержится в:
Aris Adamantiadis 2015-12-31 10:48:34 +01:00 коммит произвёл Andreas Schneider
родитель 43a4f86b6e
Коммит afe2673cfa
11 изменённых файлов: 178 добавлений и 219 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

1
include/libssh/bignum.h
Просмотреть файл

@ -26,7 +26,6 @@
#include "libssh/libmbedcrypto.h"
bignum ssh_make_string_bn(ssh_string string);
void ssh_make_string_bn_inplace(ssh_string string, bignum bnout);
ssh_string ssh_make_bignum_string(bignum num);
void ssh_print_bignum(const char *which, const bignum num);

21
include/libssh/libcrypto.h
Просмотреть файл

@ -74,19 +74,32 @@ typedef BN_CTX* bignum_CTX;
} \
} while(0)
#define bignum_set_word(bn,n) BN_set_word(bn,n)
#define bignum_bin2bn(bn,datalen,data) BN_bin2bn(bn,datalen,data)
#define bignum_bin2bn(data, datalen, dest) \
do { \
(*dest) = BN_new(); \
if ((*dest) != NULL) { \
BN_bin2bn(data,datalen,(*dest)); \
} \
} while(0)
#define bignum_bn2dec(num) BN_bn2dec(num)
#define bignum_dec2bn(bn,data) BN_dec2bn(data,bn)
#define bignum_bn2hex(num) BN_bn2hex(num)
#define bignum_dec2bn(data, bn) BN_dec2bn(bn, data)
#define bignum_hex2bn(data, bn) BN_hex2bn(bn, data)
#define bignum_bn2hex(num, dest) (*dest)=(unsigned char *)BN_bn2hex(num)
#define bignum_rand(rnd, bits) BN_rand(rnd, bits, 0, 1)
#define bignum_rand_range(rnd, max) BN_rand_range(rnd, max)
#define bignum_ctx_new() BN_CTX_new()
#define bignum_ctx_free(num) BN_CTX_free(num)
#define bignum_ctx_invalid(ctx) ((ctx) == NULL)
#define bignum_mod_exp(dest,generator,exp,modulo,ctx) BN_mod_exp(dest,generator,exp,modulo,ctx)
#define bignum_add(dest, a, b) BN_add(dest, a, b)
#define bignum_sub(dest, a, b) BN_sub(dest, a, b)
#define bignum_mod(dest, a, b, ctx) BN_mod(dest, a, b, ctx)
#define bignum_num_bytes(num) BN_num_bytes(num)
#define bignum_num_bits(num) BN_num_bits(num)
#define bignum_is_bit_set(num,bit) BN_is_bit_set(num,bit)
#define bignum_bn2bin(num,ptr) BN_bn2bin(num,ptr)
#define bignum_bn2bin(num,len, ptr) BN_bn2bin(num, ptr)
#define bignum_cmp(num1,num2) BN_cmp(num1,num2)
#define bignum_rshift1(dest, src) BN_rshift1(dest, src)
#endif /* HAVE_LIBCRYPTO */

22
include/libssh/libgcrypt.h
Просмотреть файл

@ -50,6 +50,7 @@ typedef gcry_md_hd_t EVPCTX;
#define EVP_DIGEST_LEN EVP_MAX_MD_SIZE
typedef gcry_mpi_t bignum;
typedef void* bignum_CTX;
/* Constants for curves. */
#define NID_gcrypt_nistp256 0
@ -59,6 +60,7 @@ typedef gcry_mpi_t bignum;
/* missing gcrypt functions */
int ssh_gcry_dec2bn(bignum *bn, const char *data);
char *ssh_gcry_bn2dec(bignum bn);
int ssh_gcry_rand_range(bignum rnd, bignum max);
#define bignum_new() gcry_mpi_new(0)
#define bignum_safe_free(num) do { \
@ -67,20 +69,28 @@ char *ssh_gcry_bn2dec(bignum bn);
(num)=NULL; \
} \
} while (0)
#define bignum_set_word(bn,n) gcry_mpi_set_ui(bn,n)
#define bignum_bin2bn(bn,datalen,data) gcry_mpi_scan(data,GCRYMPI_FMT_USG,bn,datalen,NULL)
#define bignum_free(num) gcry_mpi_release(num)
#define bignum_ctx_new() NULL
#define bignum_ctx_free(ctx) do {(ctx) = NULL;} while(0)
#define bignum_ctx_invalid(ctx) (ctx != NULL)
#define bignum_set_word(bn,n) (gcry_mpi_set_ui(bn,n)!=NULL ? 1 : 0)
#define bignum_bin2bn(data,datalen,dest) gcry_mpi_scan(dest,GCRYMPI_FMT_USG,data,datalen,NULL)
#define bignum_bn2dec(num) ssh_gcry_bn2dec(num)
#define bignum_dec2bn(num, data) ssh_gcry_dec2bn(data, num)
#define bignum_bn2hex(num,data) gcry_mpi_aprint(GCRYMPI_FMT_HEX,data,NULL,num)
#define bignum_hex2bn(num,datalen,data) gcry_mpi_scan(num,GCRYMPI_FMT_HEX,data,datalen,NULL)
#define bignum_rand(num,bits) gcry_mpi_randomize(num,bits,GCRY_STRONG_RANDOM),gcry_mpi_set_bit(num,bits-1),gcry_mpi_set_bit(num,0)
#define bignum_mod_exp(dest,generator,exp,modulo) gcry_mpi_powm(dest,generator,exp,modulo)
#define bignum_hex2bn(data, num) (gcry_mpi_scan(num,GCRYMPI_FMT_HEX,data,0,NULL)==0?1:0)
#define bignum_rand(num,bits) 1,gcry_mpi_randomize(num,bits,GCRY_STRONG_RANDOM),gcry_mpi_set_bit(num,bits-1),gcry_mpi_set_bit(num,0)
#define bignum_mod_exp(dest,generator,exp,modulo, ctx) 1,gcry_mpi_powm(dest,generator,exp,modulo)
#define bignum_num_bits(num) gcry_mpi_get_nbits(num)
#define bignum_num_bytes(num) ((gcry_mpi_get_nbits(num)+7)/8)
#define bignum_is_bit_set(num,bit) gcry_mpi_test_bit(num,bit)
#define bignum_bn2bin(num,datalen,data) gcry_mpi_print(GCRYMPI_FMT_USG,data,datalen,NULL,num)
#define bignum_cmp(num1,num2) gcry_mpi_cmp(num1,num2)
#define bignum_rshift1(dest, src) gcry_mpi_rshift (dest, src, 1)
#define bignum_add(dst, a, b) gcry_mpi_add(dst, a, b)
#define bignum_sub(dst, a, b) gcry_mpi_sub(dst, a, b)
#define bignum_mod(dst, a, b, ctx) 1,gcry_mpi_mod(dst, a, b)
#define bignum_rand_range(rnd, max) ssh_gcry_rand_range(rnd, max);
/* Helper functions for data conversions. */
/* Extract an MPI from the given s-expression SEXP named NAME which is

23
include/libssh/libmbedcrypto.h
Просмотреть файл

@ -60,6 +60,7 @@ typedef mbedtls_md_context_t *EVPCTX;
#define EVP_DIGEST_LEN EVP_MAX_MD_SIZE
typedef mbedtls_mpi *bignum;
typedef void* bignum_CTX;
/* Constants for curves */
#define NID_mbedtls_nistp256 0
@ -73,9 +74,11 @@ struct mbedtls_ecdsa_sig {
bignum ssh_mbedcry_bn_new(void);
void ssh_mbedcry_bn_free(bignum num);
char *ssh_mbedcry_bn2num(bignum num, int radix);
unsigned char *ssh_mbedcry_bn2num(bignum num, int radix);
int ssh_mbedcry_rand(bignum rnd, int bits, int top, int bottom);
int ssh_mbedcry_is_bit_set(bignum num, size_t pos);
int ssh_mbedcry_rand_range(bignum dest, bignum max);
int ssh_mbedcry_hex2bn(bignum *dest, char *data);
#define bignum_new() ssh_mbedcry_bn_new()
#define bignum_safe_free(num) do { \
@ -84,22 +87,32 @@ int ssh_mbedcry_is_bit_set(bignum num, size_t pos);
(num)=NULL; \
} \
} while(0)
#define bignum_set_word(bn, n) mbedtls_mpi_lset(bn, n) /* TODO fix
#define bignum_ctx_new() NULL
#define bignum_ctx_free(num) do {(num) = NULL;} while(0)
#define bignum_ctx_invalid(ctx) (ctx == NULL?0:1)
#define bignum_set_word(bn, n) (mbedtls_mpi_lset(bn, n)==0?1:0) /* TODO fix
overflow/underflow */
#define bignum_bin2bn(data, datalen, bn) mbedtls_mpi_read_binary(bn, data, \
datalen)
#define bignum_bn2dec(num) ssh_mbedcry_bn2num(num, 10)
#define bignum_dec2bn(data, bn) mbedtls_mpi_read_string(bn, 10, data)
#define bignum_bn2hex(num) ssh_mbedcry_bn2num(num, 16)
#define bignum_bn2hex(num, dest) (*dest)=ssh_mbedcry_bn2num(num, 16)
#define bignum_hex2bn(data, dest) ssh_mbedcry_hex2bn(dest, data)
#define bignum_rand(rnd, bits) ssh_mbedcry_rand((rnd), (bits), 0, 1)
#define bignum_rand_range(rnd, max) ssh_mbedcry_rand_range(rnd, max)
#define bignum_mod_exp(dest, generator, exp, modulo, ctx) \
mbedtls_mpi_exp_mod(dest, generator, exp, modulo, NULL)
(mbedtls_mpi_exp_mod(dest, generator, exp, modulo, NULL)==0?1:0)
#define bignum_add(dest, a, b) mbedtls_mpi_add_mpi(dest, a, b)
#define bignum_sub(dest, a, b) mbedtls_mpi_sub_mpi(dest, a, b)
#define bignum_mod(dest, a, b, ctx) \
(mbedtls_mpi_mod_mpi(dest, a, b) == 0 ? 1 : 0)
#define bignum_num_bytes(num) mbedtls_mpi_size(num)
#define bignum_num_bits(num) mbedtls_mpi_bitlen(num)
#define bignum_is_bit_set(num, bit) ssh_mbedcry_is_bit_set(num, bit)
#define bignum_bn2bin(num, ptr) mbedtls_mpi_write_binary(num, ptr, \
#define bignum_bn2bin(num, len, ptr) mbedtls_mpi_write_binary(num, ptr, \
mbedtls_mpi_size(num))
#define bignum_cmp(num1, num2) mbedtls_mpi_cmp_mpi(num1, num2)
#define bignum_rshift1(dest, src) mbedtls_mpi_copy(dest, src), mbedtls_mpi_shift_r(dest, 1)
mbedtls_ctr_drbg_context *ssh_get_mbedtls_ctr_drbg_context(void);

54
src/bignum.c
Просмотреть файл

@ -56,13 +56,7 @@ ssh_string ssh_make_bignum_string(bignum num) {
ptr->data[0] = 0;
}
#ifdef HAVE_LIBGCRYPT
bignum_bn2bin(num, len, ptr->data + pad);
#elif HAVE_LIBCRYPTO
bignum_bn2bin(num, ptr->data + pad);
#elif HAVE_LIBMBEDCRYPTO
bignum_bn2bin(num, ptr->data + pad);
#endif
return ptr;
}
@ -76,50 +70,30 @@ bignum ssh_make_string_bn(ssh_string string){
len * 8, len);
#endif /* DEBUG_CRYPTO */
#ifdef HAVE_LIBGCRYPT
bignum_bin2bn(string->data, len, &bn);
#elif defined HAVE_LIBCRYPTO
bn = bignum_bin2bn(string->data, len, NULL);
#elif defined HAVE_LIBMBEDCRYPTO
#if defined HAVE_LIBMBEDCRYPTO
bn = bignum_new();
bignum_bin2bn(string->data, len, bn);
#else
// FIXME
bignum_bin2bn(string->data, len, &bn);
#endif
return bn;
}
void ssh_make_string_bn_inplace(ssh_string string,
UNUSED_PARAM(bignum bnout))
{
UNUSED_VAR(size_t len) = ssh_string_len(string);
#ifdef HAVE_LIBGCRYPT
/* XXX: FIXME as needed for LIBGCRYPT ECDSA codepaths. */
#elif defined HAVE_LIBCRYPTO
bignum_bin2bn(string->data, len, bnout);
#elif defined HAVE_LIBMBEDCRYPTO
bignum_bin2bn(string->data, len, bnout);
#endif
}
/* prints the bignum on stderr */
void ssh_print_bignum(const char *which, const bignum num) {
void ssh_print_bignum(const char *name, const bignum num)
{
unsigned char *hex = NULL;
if (num != NULL) {
bignum_bn2hex(num, &hex);
}
fprintf(stderr, "%s value: %s\n", name, (hex == NULL) ? "(null)" : (char *) hex);
#ifdef HAVE_LIBGCRYPT
unsigned char *hex = NULL;
bignum_bn2hex(num, &hex);
SAFE_FREE(hex);
#elif defined HAVE_LIBCRYPTO
char *hex = NULL;
hex = bignum_bn2hex(num);
OPENSSL_free(hex);
#elif defined HAVE_LIBMBEDCRYPTO
char *hex = NULL;
hex = bignum_bn2hex(num);
#endif
fprintf(stderr, "%s value: ", which);
fprintf(stderr, "%s\n", (hex == NULL) ? "(null)" : (char *) hex);
#ifdef HAVE_LIBGCRYPT
SAFE_FREE(hex);
#elif defined HAVE_LIBCRYPTO
OPENSSL_free(hex);
#elif defined HAVE_LIBMBEDCRYPTO
SAFE_FREE(hex);
SAFE_FREE(hex);
#endif
}

20
src/curve25519.c
Просмотреть файл

@ -87,13 +87,7 @@ int ssh_client_curve25519_init(ssh_session session){
static int ssh_curve25519_build_k(ssh_session session) {
ssh_curve25519_pubkey k;
#ifdef HAVE_LIBCRYPTO
session->next_crypto->k = bignum_new();
if (session->next_crypto->k == NULL) {
return SSH_ERROR;
}
#elif defined HAVE_LIBMBEDCRYPTO
#if defined HAVE_LIBMBEDCRYPTO
session->next_crypto->k = bignum_new();
if (session->next_crypto->k == NULL) {
@ -108,13 +102,15 @@ static int ssh_curve25519_build_k(ssh_session session) {
crypto_scalarmult(k, session->next_crypto->curve25519_privkey,
session->next_crypto->curve25519_server_pubkey);
#ifdef HAVE_LIBGCRYPT
#if defined HAVE_LIBMBEDCRYPTO
/* FIXME */
bignum_bin2bn(k, CURVE25519_PUBKEY_SIZE, session->next_crypto->k);
#else
bignum_bin2bn(k, CURVE25519_PUBKEY_SIZE, &session->next_crypto->k);
#elif defined HAVE_LIBCRYPTO
bignum_bin2bn(k, CURVE25519_PUBKEY_SIZE, session->next_crypto->k);
#elif defined HAVE_LIBMBEDCRYPTO
bignum_bin2bn(k, CURVE25519_PUBKEY_SIZE, session->next_crypto->k);
#endif
if (session->next_crypto->k == NULL) {
return SSH_ERROR;
}
#ifdef DEBUG_CRYPTO
ssh_print_hexa("Session server cookie",

175
src/dh.c
Просмотреть файл

@ -279,101 +279,62 @@ static bignum select_p(enum ssh_key_exchange_e type) {
*/
int ssh_dh_init(void)
{
int rc;
if (dh_crypto_initialized) {
return SSH_OK;
}
g = bignum_new();
if (g == NULL) {
return SSH_ERROR;
goto error;
}
rc = bignum_set_word(g, g_int);
if (rc != 1) {
goto error;
}
bignum_set_word(g,g_int);
#if defined(HAVE_LIBGCRYPT)
#if defined(HAVE_LIBMBEDCRYPTO)
/* FIXME */
p_group1 = bignum_new();
bignum_bin2bn(p_group1_value, P_GROUP1_LEN, p_group1);
p_group14 = bignum_new();
bignum_bin2bn(p_group14_value, P_GROUP14_LEN, p_group14);
p_group16 = bignum_new();
bignum_bin2bn(p_group16_value, P_GROUP16_LEN, p_group16);
p_group18 = bignum_new();
bignum_bin2bn(p_group18_value, P_GROUP18_LEN, p_group18);
#else
bignum_bin2bn(p_group1_value, P_GROUP1_LEN, &p_group1);
if (p_group1 == NULL) {
bignum_safe_free(g);
return SSH_ERROR;
goto error;
}
bignum_bin2bn(p_group14_value, P_GROUP14_LEN, &p_group14);
if (p_group14 == NULL) {
bignum_safe_free(g);
bignum_safe_free(p_group1);
return SSH_ERROR;
goto error;
}
bignum_bin2bn(p_group16_value, P_GROUP16_LEN, &p_group16);
if (p_group16 == NULL) {
bignum_safe_free(g);
bignum_safe_free(p_group1);
bignum_safe_free(p_group14);
return SSH_ERROR;
goto error;
}
bignum_bin2bn(p_group18_value, P_GROUP18_LEN, &p_group18);
if (p_group18 == NULL) {
bignum_safe_free(g);
bignum_safe_free(p_group1);
bignum_safe_free(p_group14);
bignum_safe_free(p_group16);
return SSH_ERROR;
goto error;
}
#elif defined(HAVE_LIBCRYPTO)
p_group1 = bignum_new();
if (p_group1 == NULL) {
bignum_safe_free(g);
return SSH_ERROR;
}
bignum_bin2bn(p_group1_value, P_GROUP1_LEN, p_group1);
p_group14 = bignum_new();
if (p_group14 == NULL) {
bignum_safe_free(g);
bignum_safe_free(p_group1);
return SSH_ERROR;
}
bignum_bin2bn(p_group14_value, P_GROUP14_LEN, p_group14);
p_group16 = bignum_new();
if (p_group16 == NULL) {
bignum_safe_free(g);
bignum_safe_free(p_group1);
bignum_safe_free(p_group14);
return SSH_ERROR;
}
bignum_bin2bn(p_group16_value, P_GROUP16_LEN, p_group16);
p_group18 = bignum_new();
if (p_group18 == NULL) {
bignum_safe_free(g);
bignum_safe_free(p_group1);
bignum_safe_free(p_group14);
bignum_safe_free(p_group16);
return SSH_ERROR;
}
bignum_bin2bn(p_group18_value, P_GROUP18_LEN, p_group18);
#elif defined(HAVE_LIBMBEDCRYPTO)
p_group1 = bignum_new();
bignum_bin2bn(p_group1_value, P_GROUP1_LEN, p_group1);
p_group14 = bignum_new();
bignum_bin2bn(p_group14_value, P_GROUP14_LEN, p_group14);
p_group16 = bignum_new();
bignum_bin2bn(p_group16_value, P_GROUP16_LEN, p_group16);
p_group18 = bignum_new();
bignum_bin2bn(p_group18_value, P_GROUP18_LEN, p_group18);
#endif
dh_crypto_initialized = 1;
return 0;
error:
bignum_safe_free(g);
bignum_safe_free(p_group1);
bignum_safe_free(p_group14);
bignum_safe_free(p_group16);
return SSH_ERROR;
}
/**
@ -470,78 +431,49 @@ int ssh_dh_generate_y(ssh_session session)
/* used by server */
int ssh_dh_generate_e(ssh_session session) {
#ifdef HAVE_LIBCRYPTO
bignum_CTX ctx = bignum_ctx_new();
if (ctx == NULL) {
if (bignum_ctx_invalid(ctx)) {
return -1;
}
#endif
session->next_crypto->e = bignum_new();
if (session->next_crypto->e == NULL) {
#ifdef HAVE_LIBCRYPTO
bignum_ctx_free(ctx);
#endif
return -1;
}
#ifdef HAVE_LIBGCRYPT
bignum_mod_exp(session->next_crypto->e, g, session->next_crypto->x,
select_p(session->next_crypto->kex_type));
#elif defined HAVE_LIBCRYPTO
bignum_mod_exp(session->next_crypto->e, g, session->next_crypto->x,
select_p(session->next_crypto->kex_type), ctx);
#elif defined HAVE_LIBMBEDCRYPTO
bignum_mod_exp(session->next_crypto->e, g, session->next_crypto->x,
select_p(session->next_crypto->kex_type), NULL);
#endif
#ifdef DEBUG_CRYPTO
ssh_print_bignum("e", session->next_crypto->e);
#endif
#ifdef HAVE_LIBCRYPTO
bignum_ctx_free(ctx);
#endif
return 0;
}
int ssh_dh_generate_f(ssh_session session) {
#ifdef HAVE_LIBCRYPTO
bignum_CTX ctx = bignum_ctx_new();
if (ctx == NULL) {
if (bignum_ctx_invalid(ctx)) {
return -1;
}
#endif
}
session->next_crypto->f = bignum_new();
if (session->next_crypto->f == NULL) {
#ifdef HAVE_LIBCRYPTO
bignum_ctx_free(ctx);
#endif
return -1;
}
#ifdef HAVE_LIBGCRYPT
bignum_mod_exp(session->next_crypto->f, g, session->next_crypto->y,
select_p(session->next_crypto->kex_type));
#elif defined HAVE_LIBCRYPTO
bignum_mod_exp(session->next_crypto->f, g, session->next_crypto->y,
select_p(session->next_crypto->kex_type), ctx);
#elif defined HAVE_LIBMBEDCRYPTO
bignum_mod_exp(session->next_crypto->f, g, session->next_crypto->y,
select_p(session->next_crypto->kex_type), NULL);
#endif
#ifdef DEBUG_CRYPTO
ssh_print_bignum("f", session->next_crypto->f);
#endif
#ifdef HAVE_LIBCRYPTO
bignum_ctx_free(ctx);
#endif
return 0;
}
@ -595,47 +527,26 @@ int ssh_dh_import_e(ssh_session session, ssh_string e_string) {
}
int ssh_dh_build_k(ssh_session session) {
#ifdef HAVE_LIBCRYPTO
int rc;
bignum_CTX ctx = bignum_ctx_new();
if (ctx == NULL) {
if (bignum_ctx_invalid(ctx)) {
return -1;
}
#endif
session->next_crypto->k = bignum_new();
if (session->next_crypto->k == NULL) {
#ifdef HAVE_LIBCRYPTO
bignum_ctx_free(ctx);
#endif
return -1;
}
/* the server and clients don't use the same numbers */
#ifdef HAVE_LIBGCRYPT
if(session->client) {
bignum_mod_exp(session->next_crypto->k, session->next_crypto->f,
session->next_crypto->x, select_p(session->next_crypto->kex_type));
} else {
bignum_mod_exp(session->next_crypto->k, session->next_crypto->e,
session->next_crypto->y, select_p(session->next_crypto->kex_type));
}
#elif defined HAVE_LIBCRYPTO
/* the server and clients don't use the same numbers */
if (session->client) {
bignum_mod_exp(session->next_crypto->k, session->next_crypto->f,
rc = bignum_mod_exp(session->next_crypto->k, session->next_crypto->f,
session->next_crypto->x, select_p(session->next_crypto->kex_type), ctx);
} else {
bignum_mod_exp(session->next_crypto->k, session->next_crypto->e,
rc = bignum_mod_exp(session->next_crypto->k, session->next_crypto->e,
session->next_crypto->y, select_p(session->next_crypto->kex_type), ctx);
}
#elif defined HAVE_LIBMBEDCRYPTO
if (session->client) {
bignum_mod_exp(session->next_crypto->k, session->next_crypto->f,
session->next_crypto->x, select_p(session->next_crypto->kex_type), NULL);
} else {
bignum_mod_exp(session->next_crypto->k, session->next_crypto->e,
session->next_crypto->y, select_p(session->next_crypto->kex_type), NULL);
}
#endif
#ifdef DEBUG_CRYPTO
ssh_print_hexa("Session server cookie",
@ -645,11 +556,11 @@ int ssh_dh_build_k(ssh_session session) {
ssh_print_bignum("Shared secret key", session->next_crypto->k);
#endif
#ifdef HAVE_LIBCRYPTO
bignum_ctx_free(ctx);
#endif
return 0;
if (rc != 1) {
return SSH_ERROR;
}
return SSH_OK;
}
static SSH_PACKET_CALLBACK(ssh_packet_client_dh_reply);

14
src/ecdh_crypto.c
Просмотреть файл

@ -128,12 +128,6 @@ int ecdh_build_k(ssh_session session) {
return -1;
}
session->next_crypto->k = bignum_new();
if (session->next_crypto->k == NULL) {
bignum_ctx_free(ctx);
return -1;
}
pubkey = EC_POINT_new(group);
if (pubkey == NULL) {
bignum_ctx_free(ctx);
@ -176,9 +170,13 @@ int ecdh_build_k(ssh_session session) {
return -1;
}
bignum_bin2bn(buffer, len, session->next_crypto->k);
bignum_bin2bn(buffer, len, &session->next_crypto->k);
free(buffer);
if (session->next_crypto->k == NULL) {
EC_KEY_free(session->next_crypto->ecdh_privkey);
session->next_crypto->ecdh_privkey = NULL;
return -1;
}
EC_KEY_free(session->next_crypto->ecdh_privkey);
session->next_crypto->ecdh_privkey = NULL;

18
src/gcrypt_missing.c
Просмотреть файл

@ -99,4 +99,22 @@ char *ssh_gcry_bn2dec(bignum bn) {
return ret;
}
/** @brief generates a random integer between 0 and max
* @returns 1 in case of success, 0 otherwise
*/
int ssh_gcry_rand_range(bignum dest, bignum max)
{
size_t bits;
bignum rnd;
bits = bignum_num_bits(max) + 64;
rnd = bignum_new();
if (rnd == NULL) {
return 0;
}
bignum_rand(rnd, bits);
gcry_mpi_mod(dest, rnd, max);
bignum_safe_free(rnd);
return 1;
}
#endif

9
src/known_hosts.c
Просмотреть файл

@ -39,15 +39,6 @@
/*todo: remove this include */
#include "libssh/string.h"
#ifdef HAVE_LIBGCRYPT
#include <gcrypt.h>
#elif defined HAVE_LIBCRYPTO
#include <openssl/pem.h>
#include <openssl/dsa.h>
#include <openssl/err.h>
#include <openssl/rsa.h>
#endif /* HAVE_LIBCRYPTO */
#ifndef _WIN32
# include <netinet/in.h>
# include <arpa/inet.h>

40
src/mbedcrypto_missing.c
Просмотреть файл

@ -45,7 +45,7 @@ void ssh_mbedcry_bn_free(bignum bn)
SAFE_FREE(bn);
}
char *ssh_mbedcry_bn2num(bignum num, int radix)
unsigned char *ssh_mbedcry_bn2num(bignum num, int radix)
{
char *buf = NULL;
size_t olen;
@ -67,7 +67,7 @@ char *ssh_mbedcry_bn2num(bignum num, int radix)
return NULL;
}
return buf;
return (unsigned char *) buf;
}
int ssh_mbedcry_rand(bignum rnd, int bits, int top, int bottom)
@ -127,4 +127,40 @@ int ssh_mbedcry_is_bit_set(bignum num, size_t pos)
bit = mbedtls_mpi_get_bit(num, pos);
return bit;
}
/** @brief generates a random integer between 0 and max
* @returns 1 in case of success, 0 otherwise
*/
int ssh_mbedcry_rand_range(bignum dest, bignum max)
{
size_t bits;
bignum rnd;
bits = bignum_num_bits(max) + 64;
rnd = bignum_new();
if (rnd == NULL){
return 0;
}
bignum_rand(rnd, bits);
mbedtls_mpi_mod_mpi(dest, rnd, max);
bignum_safe_free(rnd);
return 1;
}
int ssh_mbedcry_hex2bn(bignum *dest, char *data)
{
int rc;
*dest = bignum_new();
if (*dest == NULL){
return 0;
}
rc = mbedtls_mpi_read_string(*dest, 16, data);
if (rc == 0) {
return 1;
}
return 0;
}
#endif