1
1
Fork 0

kdf: Avoid endianess issues

The key_type is only a letter, if we use and `int` and then cast it to
(const char *) we will end up with a 0 value on big endian.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
This commit is contained in:
Andreas Schneider 2022-09-07 12:40:00 +02:00
parent 9bb91df20f
commit e0c2f2809b
6 changed files with 8 additions and 9 deletions

View File

@ -219,7 +219,7 @@ struct ssh_cipher_struct {
const struct ssh_cipher_struct *ssh_get_chacha20poly1305_cipher(void);
int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
unsigned char *key, size_t key_len,
int key_type, unsigned char *output,
uint8_t key_type, unsigned char *output,
size_t requested_len);
int secure_memcmp(const void *s1, const void *s2, size_t n);

View File

@ -103,7 +103,7 @@ size_t hmac_digest_len(enum ssh_hmac_e type);
int ssh_kdf(struct ssh_crypto_struct *crypto,
unsigned char *key, size_t key_len,
int key_type, unsigned char *output,
uint8_t key_type, unsigned char *output,
size_t requested_len);
int crypt_set_algorithms_client(ssh_session session);

View File

@ -116,14 +116,13 @@ static void ssh_mac_final(unsigned char *md, ssh_mac_ctx ctx)
int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
unsigned char *key, size_t key_len,
int key_type, unsigned char *output,
uint8_t key_type, unsigned char *output,
size_t requested_len)
{
/* Can't use VLAs with Visual Studio, so allocate the biggest
* digest buffer we can possibly need */
unsigned char digest[DIGEST_MAX_LEN];
size_t output_len = crypto->digest_len;
char letter = key_type;
ssh_mac_ctx ctx;
if (DIGEST_MAX_LEN < crypto->digest_len) {
@ -137,7 +136,7 @@ int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
ssh_mac_update(ctx, key, key_len);
ssh_mac_update(ctx, crypto->secret_hash, crypto->digest_len);
ssh_mac_update(ctx, &letter, 1);
ssh_mac_update(ctx, &key_type, 1);
ssh_mac_update(ctx, crypto->session_id, crypto->session_id_len);
ssh_mac_final(digest, ctx);

View File

@ -214,7 +214,7 @@ static const char *sshkdf_digest_to_md(enum ssh_kdf_digest digest_type)
int ssh_kdf(struct ssh_crypto_struct *crypto,
unsigned char *key, size_t key_len,
int key_type, unsigned char *output,
uint8_t key_type, unsigned char *output,
size_t requested_len)
{
int rc = -1;
@ -330,7 +330,7 @@ out:
#else
int ssh_kdf(struct ssh_crypto_struct *crypto,
unsigned char *key, size_t key_len,
int key_type, unsigned char *output,
uint8_t key_type, unsigned char *output,
size_t requested_len)
{
return sshkdf_derive_key(crypto, key, key_len,

View File

@ -124,7 +124,7 @@ void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen)
int ssh_kdf(struct ssh_crypto_struct *crypto,
unsigned char *key, size_t key_len,
int key_type, unsigned char *output,
uint8_t key_type, unsigned char *output,
size_t requested_len)
{
return sshkdf_derive_key(crypto, key, key_len,

View File

@ -127,7 +127,7 @@ void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen)
int ssh_kdf(struct ssh_crypto_struct *crypto,
unsigned char *key, size_t key_len,
int key_type, unsigned char *output,
uint8_t key_type, unsigned char *output,
size_t requested_len)
{
return sshkdf_derive_key(crypto, key, key_len,