lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-11-29 01:03:57 +03:00
Code Activity

Port functions to openssl3.0

Browse Source 
Remove usage of deprecated functions.
Exceptions are:
  - pkcs11 (no openssl provider support yet)
  - ec (no support for uncompressed EC keys
    https://github.com/openssl/openssl/pull/16624)

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Norbert Pocs
2022-06-23 15:36:14 +00:00
committed by Andreas Schneider
parent fdf518435c
commit 7792d38157
3 changed files with 1635 additions and 173 deletions
Download Patch File Download Diff File Expand all files Collapse all files

342
src/dh_crypto.c
View File

@@ -30,6 +30,13 @@
#include "openssl/crypto.h" #include "openssl/crypto.h"
#include "openssl/dh.h" #include "openssl/dh.h"
#include "libcrypto-compat.h" #include "libcrypto-compat.h"
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
#include <openssl/evp.h>
#include <openssl/params.h>
#include <openssl/core_names.h>
#include <openssl/param_build.h>
#include <openssl/err.h>
#endif /* OPENSSL_VERSION_NUMBER */
extern bignum ssh_dh_generator; extern bignum ssh_dh_generator;
extern bignum ssh_dh_group1; extern bignum ssh_dh_group1;
@@ -38,13 +45,21 @@ extern bignum ssh_dh_group16;
extern bignum ssh_dh_group18; extern bignum ssh_dh_group18;
struct dh_ctx { struct dh_ctx {
#if OPENSSL_VERSION_NUMBER < 0x30000000L
DH *keypair[2]; DH *keypair[2];
#else
EVP_PKEY *keypair[2];
#endif /* OPENSSL_VERSION_NUMBER */
}; };
void ssh_dh_debug_crypto(struct ssh_crypto_struct *c) void ssh_dh_debug_crypto(struct ssh_crypto_struct *c)
{ {
#ifdef DEBUG_CRYPTO #ifdef DEBUG_CRYPTO
#if OPENSSL_VERSION_NUMBER < 0x30000000L
const_bignum x = NULL, y = NULL, e = NULL, f = NULL; const_bignum x = NULL, y = NULL, e = NULL, f = NULL;
#else
bignum x = NULL, y = NULL, e = NULL, f = NULL;
#endif /* OPENSSL_VERSION_NUMBER */
ssh_dh_keypair_get_keys(c->dh_ctx, DH_CLIENT_KEYPAIR, &x, &e); ssh_dh_keypair_get_keys(c->dh_ctx, DH_CLIENT_KEYPAIR, &x, &e);
ssh_dh_keypair_get_keys(c->dh_ctx, DH_SERVER_KEYPAIR, &y, &f); ssh_dh_keypair_get_keys(c->dh_ctx, DH_SERVER_KEYPAIR, &y, &f);
@@ -52,6 +67,12 @@ void ssh_dh_debug_crypto(struct ssh_crypto_struct *c)
ssh_print_bignum("y", y); ssh_print_bignum("y", y);
ssh_print_bignum("e", e); ssh_print_bignum("e", e);
ssh_print_bignum("f", f); ssh_print_bignum("f", f);
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
bignum_safe_free(x);
bignum_safe_free(y);
bignum_safe_free(e);
bignum_safe_free(f);
#endif /* OPENSSL_VERSION_NUMBER */
ssh_log_hexdump("Session server cookie", c->server_kex.cookie, 16); ssh_log_hexdump("Session server cookie", c->server_kex.cookie, 16);
ssh_log_hexdump("Session client cookie", c->client_kex.cookie, 16); ssh_log_hexdump("Session client cookie", c->client_kex.cookie, 16);
@@ -59,9 +80,10 @@ void ssh_dh_debug_crypto(struct ssh_crypto_struct *c)
#else #else
(void)c; /* UNUSED_PARAM */ (void)c; /* UNUSED_PARAM */
#endif #endif /* DEBUG_CRYPTO */
} }
#if OPENSSL_VERSION_NUMBER < 0x30000000L
int ssh_dh_keypair_get_keys(struct dh_ctx *ctx, int peer, int ssh_dh_keypair_get_keys(struct dh_ctx *ctx, int peer,
const_bignum *priv, const_bignum *pub) const_bignum *priv, const_bignum *pub)
{ {
@@ -70,7 +92,9 @@ int ssh_dh_keypair_get_keys(struct dh_ctx *ctx, int peer,
(ctx->keypair[peer] == NULL)) { (ctx->keypair[peer] == NULL)) {
return SSH_ERROR; return SSH_ERROR;
} }
DH_get0_key(ctx->keypair[peer], pub, priv); DH_get0_key(ctx->keypair[peer], pub, priv);
if (priv && (*priv == NULL || bignum_num_bits(*priv) == 0)) { if (priv && (*priv == NULL || bignum_num_bits(*priv) == 0)) {
return SSH_ERROR; return SSH_ERROR;
} }
@@ -81,12 +105,13 @@ int ssh_dh_keypair_get_keys(struct dh_ctx *ctx, int peer,
return SSH_OK; return SSH_OK;
} }
int ssh_dh_keypair_set_keys(struct dh_ctx *ctx, int peer, #else
const bignum priv, const bignum pub) /* If set *priv and *pub should be initialized
* to NULL before calling this function*/
int ssh_dh_keypair_get_keys(struct dh_ctx *ctx, int peer,
bignum *priv, bignum *pub)
{ {
bignum priv_key = NULL; int rc;
bignum pub_key = NULL;
if (((peer != DH_CLIENT_KEYPAIR) && (peer != DH_SERVER_KEYPAIR)) || if (((peer != DH_CLIENT_KEYPAIR) && (peer != DH_SERVER_KEYPAIR)) ||
((priv == NULL) && (pub == NULL)) || (ctx == NULL) || ((priv == NULL) && (pub == NULL)) || (ctx == NULL) ||
(ctx->keypair[peer] == NULL)) { (ctx->keypair[peer] == NULL)) {
@@ -94,16 +119,145 @@ int ssh_dh_keypair_set_keys(struct dh_ctx *ctx, int peer,
} }
if (priv) { if (priv) {
priv_key = priv; rc = EVP_PKEY_get_bn_param(ctx->keypair[peer],
OSSL_PKEY_PARAM_PRIV_KEY,
priv);
if (rc != 1) {
return SSH_ERROR;
}
} }
if (pub) { if (pub) {
pub_key = pub; rc = EVP_PKEY_get_bn_param(ctx->keypair[peer],
OSSL_PKEY_PARAM_PUB_KEY,
pub);
if (rc != 1) {
return SSH_ERROR;
}
}
if (priv && (*priv == NULL || bignum_num_bits(*priv) == 0)) {
if (pub && (*pub != NULL && bignum_num_bits(*pub) != 0)) {
bignum_safe_free(*pub);
*pub = NULL;
}
return SSH_ERROR;
}
if (pub && (*pub == NULL || bignum_num_bits(*pub) == 0)) {
if (priv) {
bignum_safe_free(*priv);
*priv = NULL;
}
return SSH_ERROR;
} }
(void)DH_set0_key(ctx->keypair[peer], pub_key, priv_key);
return SSH_OK; return SSH_OK;
} }
#endif /* OPENSSL_VERSION_NUMBER */
int ssh_dh_keypair_set_keys(struct dh_ctx *ctx, int peer,
const bignum priv, const bignum pub)
{
#if OPENSSL_VERSION_NUMBER < 0x30000000L
bignum priv_key = NULL;
bignum pub_key = NULL;
#else
int rc;
OSSL_PARAM *params = NULL, *out_params = NULL, *merged_params = NULL;
OSSL_PARAM_BLD *param_bld = NULL;
EVP_PKEY_CTX *evp_ctx = NULL;
#endif /* OPENSSL_VERSION_NUMBER */
if (((peer != DH_CLIENT_KEYPAIR) && (peer != DH_SERVER_KEYPAIR)) ||
((priv == NULL) && (pub == NULL)) || (ctx == NULL) ||
(ctx->keypair[peer] == NULL)) {
return SSH_ERROR;
}
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
rc = EVP_PKEY_todata(ctx->keypair[peer], EVP_PKEY_KEYPAIR, &out_params);
if (rc != 1) {
return SSH_ERROR;
}
param_bld = OSSL_PARAM_BLD_new();
if (param_bld == NULL) {
rc = SSH_ERROR;
goto out;
}
evp_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, ctx->keypair[peer], NULL);
if (evp_ctx == NULL) {
rc = SSH_ERROR;
goto out;
}
rc = EVP_PKEY_fromdata_init(evp_ctx);
if (rc != 1) {
rc = SSH_ERROR;
goto out;
}
#endif /* OPENSSL_VERSION_NUMBER */
if (priv) {
#if OPENSSL_VERSION_NUMBER < 0x30000000L
priv_key = priv;
#else
rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY, priv);
if (rc != 1) {
rc = SSH_ERROR;
goto out;
}
#endif /* OPENSSL_VERSION_NUMBER */
}
if (pub) {
#if OPENSSL_VERSION_NUMBER < 0x30000000L
pub_key = pub;
#else
rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PUB_KEY, pub);
if (rc != 1) {
rc = SSH_ERROR;
goto out;
}
#endif /* OPENSSL_VERSION_NUMBER */
}
#if OPENSSL_VERSION_NUMBER < 0x30000000L
(void)DH_set0_key(ctx->keypair[peer], pub_key, priv_key);
return SSH_OK;
#else
params = OSSL_PARAM_BLD_to_param(param_bld);
if (params == NULL) {
rc = SSH_ERROR;
goto out;
}
OSSL_PARAM_BLD_free(param_bld);
merged_params = OSSL_PARAM_merge(out_params, params);
if (merged_params == NULL) {
rc = SSH_ERROR;
goto out;
}
rc = EVP_PKEY_fromdata(evp_ctx,
&(ctx->keypair[peer]),
EVP_PKEY_PUBLIC_KEY,
merged_params);
if (rc != 1) {
rc = SSH_ERROR;
goto out;
}
rc = SSH_OK;
out:
EVP_PKEY_CTX_free(evp_ctx);
OSSL_PARAM_free(out_params);
OSSL_PARAM_free(params);
OSSL_PARAM_free(merged_params);
return rc;
#endif /* OPENSSL_VERSION_NUMBER */
}
#if OPENSSL_VERSION_NUMBER < 0x30000000L
int ssh_dh_get_parameters(struct dh_ctx *ctx, int ssh_dh_get_parameters(struct dh_ctx *ctx,
const_bignum *modulus, const_bignum *generator) const_bignum *modulus, const_bignum *generator)
{ {
@@ -113,18 +267,51 @@ int ssh_dh_get_parameters(struct dh_ctx *ctx,
DH_get0_pqg(ctx->keypair[0], modulus, NULL, generator); DH_get0_pqg(ctx->keypair[0], modulus, NULL, generator);
return SSH_OK; return SSH_OK;
} }
#else
int ssh_dh_get_parameters(struct dh_ctx *ctx,
bignum *modulus, bignum *generator)
{
int rc;
if (ctx == NULL || ctx->keypair[0] == NULL) {
return SSH_ERROR;
}
rc = EVP_PKEY_get_bn_param(ctx->keypair[0], OSSL_PKEY_PARAM_FFC_P, (BIGNUM**)modulus);
if (rc != 1) {
return SSH_ERROR;
}
rc = EVP_PKEY_get_bn_param(ctx->keypair[0], OSSL_PKEY_PARAM_FFC_G, (BIGNUM**)generator);
if (rc != 1) {
bignum_safe_free(*modulus);
return SSH_ERROR;
}
return SSH_OK;
}
#endif /* OPENSSL_VERSION_NUMBER */
int ssh_dh_set_parameters(struct dh_ctx *ctx, int ssh_dh_set_parameters(struct dh_ctx *ctx,
const bignum modulus, const bignum generator) const bignum modulus, const bignum generator)
{ {
size_t i; size_t i;
int rc; int rc;
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
OSSL_PARAM *params = NULL;
OSSL_PARAM_BLD *param_bld = NULL;
EVP_PKEY_CTX *evp_ctx = NULL;
#endif /* OPENSSL_VERSION_NUMBER */
if ((ctx == NULL) || (modulus == NULL) || (generator == NULL)) { if ((ctx == NULL) || (modulus == NULL) || (generator == NULL)) {
return SSH_ERROR; return SSH_ERROR;
} }
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
evp_ctx = EVP_PKEY_CTX_new_from_name(NULL, "DHX", NULL);
#endif
for (i = 0; i < 2; i++) { for (i = 0; i < 2; i++) {
#if OPENSSL_VERSION_NUMBER < 0x30000000L
bignum p = NULL; bignum p = NULL;
bignum g = NULL; bignum g = NULL;
@@ -146,16 +333,70 @@ int ssh_dh_set_parameters(struct dh_ctx *ctx,
rc = SSH_ERROR; rc = SSH_ERROR;
goto done; goto done;
} }
#else
param_bld = OSSL_PARAM_BLD_new();
if (param_bld == NULL) {
rc = SSH_ERROR;
goto done;
}
OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_P, modulus);
OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_G, generator);
params = OSSL_PARAM_BLD_to_param(param_bld);
if (params == NULL) {
OSSL_PARAM_BLD_free(param_bld);
rc = SSH_ERROR;
goto done;
}
OSSL_PARAM_BLD_free(param_bld);
rc = EVP_PKEY_fromdata_init(evp_ctx);
if (rc != 1) {
OSSL_PARAM_free(params);
rc = SSH_ERROR;
goto done;
}
/* make sure to invalidate existing keys */
EVP_PKEY_free(ctx->keypair[i]);
ctx->keypair[i] = NULL;
rc = EVP_PKEY_fromdata(evp_ctx,
&(ctx->keypair[i]),
EVP_PKEY_KEY_PARAMETERS,
params);
if (rc != 1) {
OSSL_PARAM_free(params);
rc = SSH_ERROR;
goto done;
}
OSSL_PARAM_free(params);
#endif /* OPENSSL_VERSION_NUMBER */
} }
rc = SSH_OK; rc = SSH_OK;
#if OPENSSL_VERSION_NUMBER < 0x30000000L
done: done:
if (rc != SSH_OK) { if (rc != SSH_OK) {
DH_free(ctx->keypair[0]); DH_free(ctx->keypair[0]);
DH_free(ctx->keypair[1]); DH_free(ctx->keypair[1]);
}
#else
done:
EVP_PKEY_CTX_free(evp_ctx);
if (rc != SSH_OK) {
EVP_PKEY_free(ctx->keypair[0]);
EVP_PKEY_free(ctx->keypair[1]);
}
#endif /* OPENSSL_VERSION_NUMBER */
if (rc != SSH_OK) {
ctx->keypair[0] = NULL; ctx->keypair[0] = NULL;
ctx->keypair[1] = NULL; ctx->keypair[1] = NULL;
} }
return rc; return rc;
} }
@@ -202,8 +443,13 @@ int ssh_dh_init_common(struct ssh_crypto_struct *crypto)
void ssh_dh_cleanup(struct ssh_crypto_struct *crypto) void ssh_dh_cleanup(struct ssh_crypto_struct *crypto)
{ {
if (crypto->dh_ctx != NULL) { if (crypto->dh_ctx != NULL) {
#if OPENSSL_VERSION_NUMBER < 0x30000000L
DH_free(crypto->dh_ctx->keypair[0]); DH_free(crypto->dh_ctx->keypair[0]);
DH_free(crypto->dh_ctx->keypair[1]); DH_free(crypto->dh_ctx->keypair[1]);
#else
EVP_PKEY_free(crypto->dh_ctx->keypair[0]);
EVP_PKEY_free(crypto->dh_ctx->keypair[1]);
#endif /* OPENSSL_VERSION_NUMBER */
free(crypto->dh_ctx); free(crypto->dh_ctx);
crypto->dh_ctx = NULL; crypto->dh_ctx = NULL;
} }
@@ -221,14 +467,43 @@ void ssh_dh_cleanup(struct ssh_crypto_struct *crypto)
int ssh_dh_keypair_gen_keys(struct dh_ctx *dh_ctx, int peer) int ssh_dh_keypair_gen_keys(struct dh_ctx *dh_ctx, int peer)
{ {
int rc; int rc;
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
EVP_PKEY_CTX *evp_ctx = NULL;
#endif
if ((dh_ctx == NULL) || (dh_ctx->keypair[peer] == NULL)) { if ((dh_ctx == NULL) || (dh_ctx->keypair[peer] == NULL)) {
return SSH_ERROR; return SSH_ERROR;
} }
#if OPENSSL_VERSION_NUMBER < 0x30000000L
rc = DH_generate_key(dh_ctx->keypair[peer]); rc = DH_generate_key(dh_ctx->keypair[peer]);
if (rc != 1) { if (rc != 1) {
return SSH_ERROR; return SSH_ERROR;
} }
#else
evp_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, dh_ctx->keypair[peer], NULL);
if (evp_ctx == NULL) {
return SSH_ERROR;
}
rc = EVP_PKEY_keygen_init(evp_ctx);
if (rc != 1) {
EVP_PKEY_CTX_free(evp_ctx);
return SSH_ERROR;
}
rc = EVP_PKEY_generate(evp_ctx, &(dh_ctx->keypair[peer]));
if (rc != 1) {
EVP_PKEY_CTX_free(evp_ctx);
SSH_LOG(SSH_LOG_TRACE,
"Failed to generate DH: %s",
ERR_error_string(ERR_get_error(), NULL));
return SSH_ERROR;
}
EVP_PKEY_CTX_free(evp_ctx);
#endif /* OPENSSL_VERSION_NUMBER */
return SSH_OK; return SSH_OK;
} }
@@ -247,8 +522,14 @@ int ssh_dh_compute_shared_secret(struct dh_ctx *dh_ctx, int local, int remote,
bignum *dest) bignum *dest)
{ {
unsigned char *kstring = NULL; unsigned char *kstring = NULL;
int rc;
#if OPENSSL_VERSION_NUMBER < 0x30000000L
const_bignum pub_key = NULL; const_bignum pub_key = NULL;
int klen, rc; int klen;
#else
size_t klen;
EVP_PKEY_CTX *evp_ctx = NULL;
#endif /* OPENSSL_VERSION_NUMBER */
if ((dh_ctx == NULL) || if ((dh_ctx == NULL) ||
(dh_ctx->keypair[local] == NULL) || (dh_ctx->keypair[local] == NULL) ||
@@ -256,6 +537,7 @@ int ssh_dh_compute_shared_secret(struct dh_ctx *dh_ctx, int local, int remote,
return SSH_ERROR; return SSH_ERROR;
} }
#if OPENSSL_VERSION_NUMBER < 0x30000000L
kstring = malloc(DH_size(dh_ctx->keypair[local])); kstring = malloc(DH_size(dh_ctx->keypair[local]));
if (kstring == NULL) { if (kstring == NULL) {
rc = SSH_ERROR; rc = SSH_ERROR;
@@ -273,6 +555,43 @@ int ssh_dh_compute_shared_secret(struct dh_ctx *dh_ctx, int local, int remote,
rc = SSH_ERROR; rc = SSH_ERROR;
goto done; goto done;
} }
#else
evp_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, dh_ctx->keypair[local], NULL);
rc = EVP_PKEY_derive_init(evp_ctx);
if (rc != 1) {
rc = SSH_ERROR;
goto done;
}
rc = EVP_PKEY_derive_set_peer(evp_ctx, dh_ctx->keypair[remote]);
if (rc != 1) {
SSH_LOG(SSH_LOG_TRACE,
"Failed to set peer key: %s",
ERR_error_string(ERR_get_error(), NULL));
rc = SSH_ERROR;
goto done;
}
/* getting the size of the secret */
rc = EVP_PKEY_derive(evp_ctx, kstring, &klen);
if (rc != 1) {
rc = SSH_ERROR;
goto done;
}
kstring = malloc(klen);
if (kstring == NULL) {
rc = SSH_ERROR;
goto done;
}
rc = EVP_PKEY_derive(evp_ctx, kstring, &klen);
if (rc != 1) {
rc = SSH_ERROR;
goto done;
}
#endif /* OPENSSL_VERSION_NUMBER */
*dest = BN_bin2bn(kstring, klen, NULL); *dest = BN_bin2bn(kstring, klen, NULL);
if (*dest == NULL) { if (*dest == NULL) {
@@ -282,6 +601,9 @@ int ssh_dh_compute_shared_secret(struct dh_ctx *dh_ctx, int local, int remote,
rc = SSH_OK; rc = SSH_OK;
done: done:
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
EVP_PKEY_CTX_free(evp_ctx);
#endif
free(kstring); free(kstring);
return rc; return rc;
} }

356
src/ecdh_crypto.c
View File

@@ -30,15 +30,33 @@
#ifdef HAVE_ECDH #ifdef HAVE_ECDH
#include <openssl/ecdh.h> #include <openssl/ecdh.h>
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
#define NISTP256 NID_X9_62_prime256v1 #define NISTP256 NID_X9_62_prime256v1
#define NISTP384 NID_secp384r1 #define NISTP384 NID_secp384r1
#define NISTP521 NID_secp521r1 #define NISTP521 NID_secp521r1
#else
#include <openssl/evp.h>
#include <openssl/params.h>
#include <openssl/core_names.h>
#include "libcrypto-compat.h"
#endif /* OPENSSL_VERSION_NUMBER */
/** @internal /** @internal
* @brief Map the given key exchange enum value to its curve name. * @brief Map the given key exchange enum value to its curve name.
*/ */
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
static int ecdh_kex_type_to_curve(enum ssh_key_exchange_e kex_type) { static int ecdh_kex_type_to_curve(enum ssh_key_exchange_e kex_type) {
#else
static const char *ecdh_kex_type_to_curve(enum ssh_key_exchange_e kex_type) {
#endif /* OPENSSL_VERSION_NUMBER */
if (kex_type == SSH_KEX_ECDH_SHA2_NISTP256) { if (kex_type == SSH_KEX_ECDH_SHA2_NISTP256) {
return NISTP256; return NISTP256;
} else if (kex_type == SSH_KEX_ECDH_SHA2_NISTP384) { } else if (kex_type == SSH_KEX_ECDH_SHA2_NISTP384) {
@@ -46,39 +64,94 @@ static int ecdh_kex_type_to_curve(enum ssh_key_exchange_e kex_type) {
} else if (kex_type == SSH_KEX_ECDH_SHA2_NISTP521) { } else if (kex_type == SSH_KEX_ECDH_SHA2_NISTP521) {
return NISTP521; return NISTP521;
} }
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
return SSH_ERROR; return SSH_ERROR;
#else
return NULL;
#endif
} }
/** @internal /** @internal
* @brief Starts ecdh-sha2-nistp256 key exchange * @brief Starts ecdh-sha2-nistp256 key exchange
*/ */
int ssh_client_ecdh_init(ssh_session session){ int ssh_client_ecdh_init(ssh_session session){
int rc;
ssh_string client_pubkey;
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
EC_KEY *key; EC_KEY *key;
const EC_GROUP *group; const EC_GROUP *group;
const EC_POINT *pubkey; const EC_POINT *pubkey;
ssh_string client_pubkey;
int curve; int curve;
int len; int len;
int rc;
bignum_CTX ctx = BN_CTX_new(); bignum_CTX ctx = BN_CTX_new();
if (ctx == NULL) {
return SSH_ERROR;
}
#else
const char *curve = NULL;
EVP_PKEY *key = NULL;
OSSL_PARAM *out_params = NULL;
const OSSL_PARAM *pubkey_param = NULL;
const uint8_t *pubkey = NULL;
size_t pubkey_len;
#endif /* OPENSSL_VERSION_NUMBER */
rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_KEX_ECDH_INIT); rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_KEX_ECDH_INIT);
if (rc < 0) { if (rc < 0) {
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
BN_CTX_free(ctx); BN_CTX_free(ctx);
#endif /* OPENSSL_VERSION_NUMBER */
return SSH_ERROR; return SSH_ERROR;
} }
curve = ecdh_kex_type_to_curve(session->next_crypto->kex_type); curve = ecdh_kex_type_to_curve(session->next_crypto->kex_type);
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
if (curve == SSH_ERROR) { if (curve == SSH_ERROR) {
BN_CTX_free(ctx); BN_CTX_free(ctx);
return SSH_ERROR; return SSH_ERROR;
} }
key = EC_KEY_new_by_curve_name(curve); key = EC_KEY_new_by_curve_name(curve);
if (key == NULL) { #else
BN_CTX_free(ctx); if (curve == NULL) {
return SSH_ERROR; return SSH_ERROR;
} }
key = EVP_EC_gen(curve);
#endif /* OPENSSL_VERSION_NUMBER */
if (key == NULL) {
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
BN_CTX_free(ctx);
#endif /* OPENSSL_VERSION_NUMBER */
return SSH_ERROR;
}
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
group = EC_KEY_get0_group(key); group = EC_KEY_get0_group(key);
EC_KEY_generate_key(key); EC_KEY_generate_key(key);
@@ -97,10 +170,51 @@ int ssh_client_ecdh_init(ssh_session session){
EC_POINT_point2oct(group,pubkey,POINT_CONVERSION_UNCOMPRESSED, EC_POINT_point2oct(group,pubkey,POINT_CONVERSION_UNCOMPRESSED,
ssh_string_data(client_pubkey),len,ctx); ssh_string_data(client_pubkey),len,ctx);
BN_CTX_free(ctx); BN_CTX_free(ctx);
#else
rc = EVP_PKEY_todata(key, EVP_PKEY_PUBLIC_KEY, &out_params);
if (rc != 1) {
EVP_PKEY_free(key);
return SSH_ERROR;
}
pubkey_param = OSSL_PARAM_locate_const(out_params, OSSL_PKEY_PARAM_PUB_KEY);
if (pubkey_param == NULL) {
EVP_PKEY_free(key);
OSSL_PARAM_free(out_params);
return SSH_ERROR;
}
rc = OSSL_PARAM_get_octet_string_ptr(pubkey_param,
(const void**)&pubkey,
&pubkey_len);
if (rc != 1) {
OSSL_PARAM_free(out_params);
EVP_PKEY_free(key);
return SSH_ERROR;
}
client_pubkey = ssh_string_new(pubkey_len);
if (client_pubkey == NULL) {
OSSL_PARAM_free(out_params);
EVP_PKEY_free(key);
return SSH_ERROR;
}
memcpy(ssh_string_data(client_pubkey), pubkey, pubkey_len);
OSSL_PARAM_free(out_params);
#endif /* OPENSSL_VERSION_NUMBER */
rc = ssh_buffer_add_ssh_string(session->out_buffer,client_pubkey); rc = ssh_buffer_add_ssh_string(session->out_buffer,client_pubkey);
if (rc < 0) { if (rc < 0) {
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
EC_KEY_free(key); EC_KEY_free(key);
#else
EVP_PKEY_free(key);
#endif /* OPENSSL_VERSION_NUMBER */
SSH_STRING_FREE(client_pubkey); SSH_STRING_FREE(client_pubkey);
return SSH_ERROR; return SSH_ERROR;
} }
@@ -118,7 +232,13 @@ int ssh_client_ecdh_init(ssh_session session){
} }
int ecdh_build_k(ssh_session session) { int ecdh_build_k(ssh_session session) {
const EC_GROUP *group = EC_KEY_get0_group(session->next_crypto->ecdh_privkey); struct ssh_crypto_struct *next_crypto = session->next_crypto;
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
const EC_GROUP *group = EC_KEY_get0_group(next_crypto->ecdh_privkey);
EC_POINT *pubkey; EC_POINT *pubkey;
void *buffer; void *buffer;
int rc; int rc;
@@ -127,7 +247,6 @@ int ecdh_build_k(ssh_session session) {
if (ctx == NULL) { if (ctx == NULL) {
return -1; return -1;
} }
pubkey = EC_POINT_new(group); pubkey = EC_POINT_new(group);
if (pubkey == NULL) { if (pubkey == NULL) {
bignum_ctx_free(ctx); bignum_ctx_free(ctx);
@@ -137,14 +256,14 @@ int ecdh_build_k(ssh_session session) {
if (session->server) { if (session->server) {
rc = EC_POINT_oct2point(group, rc = EC_POINT_oct2point(group,
pubkey, pubkey,
ssh_string_data(session->next_crypto->ecdh_client_pubkey), ssh_string_data(next_crypto->ecdh_client_pubkey),
ssh_string_len(session->next_crypto->ecdh_client_pubkey), ssh_string_len(next_crypto->ecdh_client_pubkey),
ctx); ctx);
} else { } else {
rc = EC_POINT_oct2point(group, rc = EC_POINT_oct2point(group,
pubkey, pubkey,
ssh_string_data(session->next_crypto->ecdh_server_pubkey), ssh_string_data(next_crypto->ecdh_server_pubkey),
ssh_string_len(session->next_crypto->ecdh_server_pubkey), ssh_string_len(next_crypto->ecdh_server_pubkey),
ctx); ctx);
} }
bignum_ctx_free(ctx); bignum_ctx_free(ctx);
@@ -162,7 +281,7 @@ int ecdh_build_k(ssh_session session) {
rc = ECDH_compute_key(buffer, rc = ECDH_compute_key(buffer,
len, len,
pubkey, pubkey,
session->next_crypto->ecdh_privkey, next_crypto->ecdh_privkey,
NULL); NULL);
EC_POINT_clear_free(pubkey); EC_POINT_clear_free(pubkey);
if (rc <= 0) { if (rc <= 0) {
@@ -170,23 +289,121 @@ int ecdh_build_k(ssh_session session) {
return -1; return -1;
} }
bignum_bin2bn(buffer, len, &session->next_crypto->shared_secret); bignum_bin2bn(buffer, len, &next_crypto->shared_secret);
free(buffer); free(buffer);
if (session->next_crypto->shared_secret == NULL) { #else
EC_KEY_free(session->next_crypto->ecdh_privkey); EVP_PKEY *pubkey = NULL;
session->next_crypto->ecdh_privkey = NULL; void *secret = NULL;
size_t secret_len;
int rc;
OSSL_PARAM params[2];
EVP_PKEY_CTX *dh_ctx = EVP_PKEY_CTX_new_from_pkey(NULL,
next_crypto->ecdh_privkey,
NULL);
EVP_PKEY_CTX *pubkey_ctx = EVP_PKEY_CTX_new_from_pkey(NULL,
next_crypto->ecdh_privkey,
NULL);
if (dh_ctx == NULL || pubkey_ctx == NULL) {
EVP_PKEY_CTX_free(dh_ctx);
EVP_PKEY_CTX_free(pubkey_ctx);
return -1; return -1;
} }
EC_KEY_free(session->next_crypto->ecdh_privkey);
session->next_crypto->ecdh_privkey = NULL; rc = EVP_PKEY_derive_init(dh_ctx);
if (rc != 1) {
EVP_PKEY_CTX_free(dh_ctx);
EVP_PKEY_CTX_free(pubkey_ctx);
return -1;
}
rc = EVP_PKEY_fromdata_init(pubkey_ctx);
if (rc != 1) {
EVP_PKEY_CTX_free(dh_ctx);
EVP_PKEY_CTX_free(pubkey_ctx);
return -1;
}
if (session->server) {
params[0] = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
ssh_string_data(next_crypto->ecdh_client_pubkey),
ssh_string_len(next_crypto->ecdh_client_pubkey));
} else {
params[0] = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
ssh_string_data(next_crypto->ecdh_server_pubkey),
ssh_string_len(next_crypto->ecdh_server_pubkey));
}
params[1] = OSSL_PARAM_construct_end();
rc = EVP_PKEY_fromdata(pubkey_ctx, &pubkey, EVP_PKEY_PUBLIC_KEY, params);
if (rc != 1) {
EVP_PKEY_CTX_free(dh_ctx);
EVP_PKEY_CTX_free(pubkey_ctx);
return -1;
}
EVP_PKEY_CTX_free(pubkey_ctx);
rc = EVP_PKEY_derive_set_peer(dh_ctx, pubkey);
if (rc != 1) {
EVP_PKEY_CTX_free(dh_ctx);
return -1;
}
/* get the max length of the secret */
rc = EVP_PKEY_derive(dh_ctx, NULL, &secret_len);
if (rc != 1) {
EVP_PKEY_CTX_free(dh_ctx);
return -1;
}
secret = malloc(secret_len);
if (secret == NULL) {
EVP_PKEY_CTX_free(dh_ctx);
return -1;
}
rc = EVP_PKEY_derive(dh_ctx, secret, &secret_len);
if (rc != 1) {
EVP_PKEY_CTX_free(dh_ctx);
return -1;
}
EVP_PKEY_CTX_free(dh_ctx);
bignum_bin2bn(secret, secret_len, &next_crypto->shared_secret);
free(secret);
#endif /* OPENSSL_VERSION_NUMBER */
if (next_crypto->shared_secret == NULL) {
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
EC_KEY_free(next_crypto->ecdh_privkey);
#else
EVP_PKEY_free(next_crypto->ecdh_privkey);
#endif /* OPENSSL_VERSION_NUMBER */
next_crypto->ecdh_privkey = NULL;
return -1;
}
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
EC_KEY_free(next_crypto->ecdh_privkey);
#else
EVP_PKEY_free(next_crypto->ecdh_privkey);
#endif /* OPENSSL_VERSION_NUMBER */
next_crypto->ecdh_privkey = NULL;
#ifdef DEBUG_CRYPTO #ifdef DEBUG_CRYPTO
ssh_log_hexdump("Session server cookie", ssh_log_hexdump("Session server cookie",
session->next_crypto->server_kex.cookie, 16); next_crypto->server_kex.cookie, 16);
ssh_log_hexdump("Session client cookie", ssh_log_hexdump("Session client cookie",
session->next_crypto->client_kex.cookie, 16); next_crypto->client_kex.cookie, 16);
ssh_print_bignum("Shared secret key", session->next_crypto->shared_secret); ssh_print_bignum("Shared secret key", next_crypto->shared_secret);
#endif #endif /* DEBUG_CRYPTO */
return 0; return 0;
} }
@@ -200,17 +417,30 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){
/* ECDH keys */ /* ECDH keys */
ssh_string q_c_string; ssh_string q_c_string;
ssh_string q_s_string; ssh_string q_s_string;
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
EC_KEY *ecdh_key; EC_KEY *ecdh_key;
const EC_GROUP *group; const EC_GROUP *group;
const EC_POINT *ecdh_pubkey; const EC_POINT *ecdh_pubkey;
bignum_CTX ctx; bignum_CTX ctx;
int curve;
int len;
#else
EVP_PKEY *ecdh_key = NULL;
const void *pubkey_ptr = NULL;
size_t len;
OSSL_PARAM *params = NULL;
const OSSL_PARAM *pubkey = NULL;
const char *curve = NULL;
#endif /* OPENSSL_VERSION_NUMBER */
/* SSH host keys (rsa,dsa,ecdsa) */ /* SSH host keys (rsa,dsa,ecdsa) */
ssh_key privkey; ssh_key privkey;
enum ssh_digest_e digest = SSH_DIGEST_AUTO; enum ssh_digest_e digest = SSH_DIGEST_AUTO;
ssh_string sig_blob = NULL; ssh_string sig_blob = NULL;
ssh_string pubkey_blob = NULL; ssh_string pubkey_blob = NULL;
int curve;
int len;
int rc; int rc;
(void)type; (void)type;
(void)user; (void)user;
@@ -224,23 +454,47 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){
} }
session->next_crypto->ecdh_client_pubkey = q_c_string; session->next_crypto->ecdh_client_pubkey = q_c_string;
/* Build server's keypair */
ctx = BN_CTX_new();
curve = ecdh_kex_type_to_curve(session->next_crypto->kex_type); curve = ecdh_kex_type_to_curve(session->next_crypto->kex_type);
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
if (curve == SSH_ERROR) { if (curve == SSH_ERROR) {
BN_CTX_free(ctx);
return SSH_ERROR; return SSH_ERROR;
} }
#else
if (curve == NULL) {
return SSH_ERROR;
}
#endif /* OPENSSL_VERSION_NUMBER */
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
ecdh_key = EC_KEY_new_by_curve_name(curve); ecdh_key = EC_KEY_new_by_curve_name(curve);
#else
ecdh_key = EVP_EC_gen(curve);
#endif /* OPENSSL_VERSION_NUMBER */
if (ecdh_key == NULL) { if (ecdh_key == NULL) {
ssh_set_error_oom(session); ssh_set_error_oom(session);
BN_CTX_free(ctx);
goto error; goto error;
} }
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
/* Build server's keypair */
ctx = BN_CTX_new();
if (ctx == NULL) {
EC_KEY_free(ecdh_key);
return SSH_ERROR;
}
group = EC_KEY_get0_group(ecdh_key); group = EC_KEY_get0_group(ecdh_key);
EC_KEY_generate_key(ecdh_key); EC_KEY_generate_key(ecdh_key);
@@ -251,14 +505,47 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){
NULL, NULL,
0, 0,
ctx); ctx);
#else
rc = EVP_PKEY_todata(ecdh_key, EVP_PKEY_PUBLIC_KEY, &params);
if (rc != 1) {
EVP_PKEY_free(ecdh_key);
return SSH_ERROR;
}
pubkey = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY);
if (pubkey == NULL) {
OSSL_PARAM_free(params);
EVP_PKEY_free(ecdh_key);
return SSH_ERROR;
}
rc = OSSL_PARAM_get_octet_string_ptr(pubkey, &pubkey_ptr, &len);
if (rc != 1) {
OSSL_PARAM_free(params);
EVP_PKEY_free(ecdh_key);
return SSH_ERROR;
}
#endif /* OPENSSL_VERSION_NUMBER */
q_s_string = ssh_string_new(len); q_s_string = ssh_string_new(len);
if (q_s_string == NULL) { if (q_s_string == NULL) {
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
EC_KEY_free(ecdh_key); EC_KEY_free(ecdh_key);
BN_CTX_free(ctx); BN_CTX_free(ctx);
#else
EVP_PKEY_free(ecdh_key);
#endif /* OPENSSL_VERSION_NUMBER */
goto error; goto error;
} }
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
EC_POINT_point2oct(group, EC_POINT_point2oct(group,
ecdh_pubkey, ecdh_pubkey,
POINT_CONVERSION_UNCOMPRESSED, POINT_CONVERSION_UNCOMPRESSED,
@@ -266,6 +553,15 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){
len, len,
ctx); ctx);
BN_CTX_free(ctx); BN_CTX_free(ctx);
#else
if (memcpy(ssh_string_data(q_s_string), pubkey_ptr, len)) {
OSSL_PARAM_free(params);
EVP_PKEY_free(ecdh_key);
return SSH_ERROR;
}
OSSL_PARAM_free(params);
#endif /* OPENSSL_VERSION_NUMBER */
session->next_crypto->ecdh_privkey = ecdh_key; session->next_crypto->ecdh_privkey = ecdh_key;
session->next_crypto->ecdh_server_pubkey = q_s_string; session->next_crypto->ecdh_server_pubkey = q_s_string;

1110
src/pki_crypto.c
View File

File diff suppressed because it is too large Load Diff