lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-11-27 13:21:11 +03:00
Code Activity

Port functions to openssl3.0

Browse Source 
Remove usage of deprecated functions.
Exceptions are:
  - pkcs11 (no openssl provider support yet)
  - ec (no support for uncompressed EC keys
    https://github.com/openssl/openssl/pull/16624)

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Norbert Pocs
2022-06-23 15:36:14 +00:00
committed by Andreas Schneider
parent fdf518435c
commit 7792d38157
3 changed files with 1635 additions and 173 deletions
Download Patch File Download Diff File Expand all files Collapse all files

342
src/dh_crypto.c
View File

@@ -30,6 +30,13 @@
#include "openssl/crypto.h"
#include "openssl/dh.h"
#include "libcrypto-compat.h"
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
#include <openssl/evp.h>
#include <openssl/params.h>
#include <openssl/core_names.h>
#include <openssl/param_build.h>
#include <openssl/err.h>
#endif /* OPENSSL_VERSION_NUMBER */
extern bignum ssh_dh_generator;
extern bignum ssh_dh_group1;
@@ -38,13 +45,21 @@ extern bignum ssh_dh_group16;
extern bignum ssh_dh_group18;
struct dh_ctx {
#if OPENSSL_VERSION_NUMBER < 0x30000000L
DH *keypair[2];
#else
EVP_PKEY *keypair[2];
#endif /* OPENSSL_VERSION_NUMBER */
};
void ssh_dh_debug_crypto(struct ssh_crypto_struct *c)
{
#ifdef DEBUG_CRYPTO
#if OPENSSL_VERSION_NUMBER < 0x30000000L
const_bignum x = NULL, y = NULL, e = NULL, f = NULL;
#else
bignum x = NULL, y = NULL, e = NULL, f = NULL;
#endif /* OPENSSL_VERSION_NUMBER */
ssh_dh_keypair_get_keys(c->dh_ctx, DH_CLIENT_KEYPAIR, &x, &e);
ssh_dh_keypair_get_keys(c->dh_ctx, DH_SERVER_KEYPAIR, &y, &f);
@@ -52,6 +67,12 @@ void ssh_dh_debug_crypto(struct ssh_crypto_struct *c)
ssh_print_bignum("y", y);
ssh_print_bignum("e", e);
ssh_print_bignum("f", f);
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
bignum_safe_free(x);
bignum_safe_free(y);
bignum_safe_free(e);
bignum_safe_free(f);
#endif /* OPENSSL_VERSION_NUMBER */
ssh_log_hexdump("Session server cookie", c->server_kex.cookie, 16);
ssh_log_hexdump("Session client cookie", c->client_kex.cookie, 16);
@@ -59,9 +80,10 @@ void ssh_dh_debug_crypto(struct ssh_crypto_struct *c)
#else
(void)c; /* UNUSED_PARAM */
#endif
#endif /* DEBUG_CRYPTO */
}
#if OPENSSL_VERSION_NUMBER < 0x30000000L
int ssh_dh_keypair_get_keys(struct dh_ctx *ctx, int peer,
const_bignum *priv, const_bignum *pub)
{
@@ -70,7 +92,9 @@ int ssh_dh_keypair_get_keys(struct dh_ctx *ctx, int peer,
(ctx->keypair[peer] == NULL)) {
return SSH_ERROR;
}
DH_get0_key(ctx->keypair[peer], pub, priv);
if (priv && (*priv == NULL || bignum_num_bits(*priv) == 0)) {
return SSH_ERROR;
}
@@ -81,12 +105,13 @@ int ssh_dh_keypair_get_keys(struct dh_ctx *ctx, int peer,
return SSH_OK;
}
int ssh_dh_keypair_set_keys(struct dh_ctx *ctx, int peer,
const bignum priv, const bignum pub)
#else
/* If set *priv and *pub should be initialized
* to NULL before calling this function*/
int ssh_dh_keypair_get_keys(struct dh_ctx *ctx, int peer,
bignum *priv, bignum *pub)
{
bignum priv_key = NULL;
bignum pub_key = NULL;
int rc;
if (((peer != DH_CLIENT_KEYPAIR) && (peer != DH_SERVER_KEYPAIR)) ||
((priv == NULL) && (pub == NULL)) || (ctx == NULL) ||
(ctx->keypair[peer] == NULL)) {
@@ -94,16 +119,145 @@ int ssh_dh_keypair_set_keys(struct dh_ctx *ctx, int peer,
}
if (priv) {
priv_key = priv;
rc = EVP_PKEY_get_bn_param(ctx->keypair[peer],
OSSL_PKEY_PARAM_PRIV_KEY,
priv);
if (rc != 1) {
return SSH_ERROR;
}
}
if (pub) {
pub_key = pub;
rc = EVP_PKEY_get_bn_param(ctx->keypair[peer],
OSSL_PKEY_PARAM_PUB_KEY,
pub);
if (rc != 1) {
return SSH_ERROR;
}
}
if (priv && (*priv == NULL || bignum_num_bits(*priv) == 0)) {
if (pub && (*pub != NULL && bignum_num_bits(*pub) != 0)) {
bignum_safe_free(*pub);
*pub = NULL;
}
return SSH_ERROR;
}
if (pub && (*pub == NULL || bignum_num_bits(*pub) == 0)) {
if (priv) {
bignum_safe_free(*priv);
*priv = NULL;
}
return SSH_ERROR;
}
(void)DH_set0_key(ctx->keypair[peer], pub_key, priv_key);
return SSH_OK;
}
#endif /* OPENSSL_VERSION_NUMBER */
int ssh_dh_keypair_set_keys(struct dh_ctx *ctx, int peer,
const bignum priv, const bignum pub)
{
#if OPENSSL_VERSION_NUMBER < 0x30000000L
bignum priv_key = NULL;
bignum pub_key = NULL;
#else
int rc;
OSSL_PARAM *params = NULL, *out_params = NULL, *merged_params = NULL;
OSSL_PARAM_BLD *param_bld = NULL;
EVP_PKEY_CTX *evp_ctx = NULL;
#endif /* OPENSSL_VERSION_NUMBER */
if (((peer != DH_CLIENT_KEYPAIR) && (peer != DH_SERVER_KEYPAIR)) ||
((priv == NULL) && (pub == NULL)) || (ctx == NULL) ||
(ctx->keypair[peer] == NULL)) {
return SSH_ERROR;
}
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
rc = EVP_PKEY_todata(ctx->keypair[peer], EVP_PKEY_KEYPAIR, &out_params);
if (rc != 1) {
return SSH_ERROR;
}
param_bld = OSSL_PARAM_BLD_new();
if (param_bld == NULL) {
rc = SSH_ERROR;
goto out;
}
evp_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, ctx->keypair[peer], NULL);
if (evp_ctx == NULL) {
rc = SSH_ERROR;
goto out;
}
rc = EVP_PKEY_fromdata_init(evp_ctx);
if (rc != 1) {
rc = SSH_ERROR;
goto out;
}
#endif /* OPENSSL_VERSION_NUMBER */
if (priv) {
#if OPENSSL_VERSION_NUMBER < 0x30000000L
priv_key = priv;
#else
rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY, priv);
if (rc != 1) {
rc = SSH_ERROR;
goto out;
}
#endif /* OPENSSL_VERSION_NUMBER */
}
if (pub) {
#if OPENSSL_VERSION_NUMBER < 0x30000000L
pub_key = pub;
#else
rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PUB_KEY, pub);
if (rc != 1) {
rc = SSH_ERROR;
goto out;
}
#endif /* OPENSSL_VERSION_NUMBER */
}
#if OPENSSL_VERSION_NUMBER < 0x30000000L
(void)DH_set0_key(ctx->keypair[peer], pub_key, priv_key);
return SSH_OK;
#else
params = OSSL_PARAM_BLD_to_param(param_bld);
if (params == NULL) {
rc = SSH_ERROR;
goto out;
}
OSSL_PARAM_BLD_free(param_bld);
merged_params = OSSL_PARAM_merge(out_params, params);
if (merged_params == NULL) {
rc = SSH_ERROR;
goto out;
}
rc = EVP_PKEY_fromdata(evp_ctx,
&(ctx->keypair[peer]),
EVP_PKEY_PUBLIC_KEY,
merged_params);
if (rc != 1) {
rc = SSH_ERROR;
goto out;
}
rc = SSH_OK;
out:
EVP_PKEY_CTX_free(evp_ctx);
OSSL_PARAM_free(out_params);
OSSL_PARAM_free(params);
OSSL_PARAM_free(merged_params);
return rc;
#endif /* OPENSSL_VERSION_NUMBER */
}
#if OPENSSL_VERSION_NUMBER < 0x30000000L
int ssh_dh_get_parameters(struct dh_ctx *ctx,
const_bignum *modulus, const_bignum *generator)
{
@@ -113,18 +267,51 @@ int ssh_dh_get_parameters(struct dh_ctx *ctx,
DH_get0_pqg(ctx->keypair[0], modulus, NULL, generator);
return SSH_OK;
}
#else
int ssh_dh_get_parameters(struct dh_ctx *ctx,
bignum *modulus, bignum *generator)
{
int rc;
if (ctx == NULL || ctx->keypair[0] == NULL) {
return SSH_ERROR;
}
rc = EVP_PKEY_get_bn_param(ctx->keypair[0], OSSL_PKEY_PARAM_FFC_P, (BIGNUM**)modulus);
if (rc != 1) {
return SSH_ERROR;
}
rc = EVP_PKEY_get_bn_param(ctx->keypair[0], OSSL_PKEY_PARAM_FFC_G, (BIGNUM**)generator);
if (rc != 1) {
bignum_safe_free(*modulus);
return SSH_ERROR;
}
return SSH_OK;
}
#endif /* OPENSSL_VERSION_NUMBER */
int ssh_dh_set_parameters(struct dh_ctx *ctx,
const bignum modulus, const bignum generator)
{
size_t i;
int rc;
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
OSSL_PARAM *params = NULL;
OSSL_PARAM_BLD *param_bld = NULL;
EVP_PKEY_CTX *evp_ctx = NULL;
#endif /* OPENSSL_VERSION_NUMBER */
if ((ctx == NULL) || (modulus == NULL) || (generator == NULL)) {
return SSH_ERROR;
}
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
evp_ctx = EVP_PKEY_CTX_new_from_name(NULL, "DHX", NULL);
#endif
for (i = 0; i < 2; i++) {
#if OPENSSL_VERSION_NUMBER < 0x30000000L
bignum p = NULL;
bignum g = NULL;
@@ -146,16 +333,70 @@ int ssh_dh_set_parameters(struct dh_ctx *ctx,
rc = SSH_ERROR;
goto done;
}
#else
param_bld = OSSL_PARAM_BLD_new();
if (param_bld == NULL) {
rc = SSH_ERROR;
goto done;
}
OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_P, modulus);
OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_G, generator);
params = OSSL_PARAM_BLD_to_param(param_bld);
if (params == NULL) {
OSSL_PARAM_BLD_free(param_bld);
rc = SSH_ERROR;
goto done;
}
OSSL_PARAM_BLD_free(param_bld);
rc = EVP_PKEY_fromdata_init(evp_ctx);
if (rc != 1) {
OSSL_PARAM_free(params);
rc = SSH_ERROR;
goto done;
}
/* make sure to invalidate existing keys */
EVP_PKEY_free(ctx->keypair[i]);
ctx->keypair[i] = NULL;
rc = EVP_PKEY_fromdata(evp_ctx,
&(ctx->keypair[i]),
EVP_PKEY_KEY_PARAMETERS,
params);
if (rc != 1) {
OSSL_PARAM_free(params);
rc = SSH_ERROR;
goto done;
}
OSSL_PARAM_free(params);
#endif /* OPENSSL_VERSION_NUMBER */
}
rc = SSH_OK;
#if OPENSSL_VERSION_NUMBER < 0x30000000L
done:
if (rc != SSH_OK) {
DH_free(ctx->keypair[0]);
DH_free(ctx->keypair[1]);
}
#else
done:
EVP_PKEY_CTX_free(evp_ctx);
if (rc != SSH_OK) {
EVP_PKEY_free(ctx->keypair[0]);
EVP_PKEY_free(ctx->keypair[1]);
}
#endif /* OPENSSL_VERSION_NUMBER */
if (rc != SSH_OK) {
ctx->keypair[0] = NULL;
ctx->keypair[1] = NULL;
}
return rc;
}
@@ -202,8 +443,13 @@ int ssh_dh_init_common(struct ssh_crypto_struct *crypto)
void ssh_dh_cleanup(struct ssh_crypto_struct *crypto)
{
if (crypto->dh_ctx != NULL) {
#if OPENSSL_VERSION_NUMBER < 0x30000000L
DH_free(crypto->dh_ctx->keypair[0]);
DH_free(crypto->dh_ctx->keypair[1]);
#else
EVP_PKEY_free(crypto->dh_ctx->keypair[0]);
EVP_PKEY_free(crypto->dh_ctx->keypair[1]);
#endif /* OPENSSL_VERSION_NUMBER */
free(crypto->dh_ctx);
crypto->dh_ctx = NULL;
}
@@ -221,14 +467,43 @@ void ssh_dh_cleanup(struct ssh_crypto_struct *crypto)
int ssh_dh_keypair_gen_keys(struct dh_ctx *dh_ctx, int peer)
{
int rc;
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
EVP_PKEY_CTX *evp_ctx = NULL;
#endif
if ((dh_ctx == NULL) || (dh_ctx->keypair[peer] == NULL)) {
return SSH_ERROR;
}
#if OPENSSL_VERSION_NUMBER < 0x30000000L
rc = DH_generate_key(dh_ctx->keypair[peer]);
if (rc != 1) {
return SSH_ERROR;
}
#else
evp_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, dh_ctx->keypair[peer], NULL);
if (evp_ctx == NULL) {
return SSH_ERROR;
}
rc = EVP_PKEY_keygen_init(evp_ctx);
if (rc != 1) {
EVP_PKEY_CTX_free(evp_ctx);
return SSH_ERROR;
}
rc = EVP_PKEY_generate(evp_ctx, &(dh_ctx->keypair[peer]));
if (rc != 1) {
EVP_PKEY_CTX_free(evp_ctx);
SSH_LOG(SSH_LOG_TRACE,
"Failed to generate DH: %s",
ERR_error_string(ERR_get_error(), NULL));
return SSH_ERROR;
}
EVP_PKEY_CTX_free(evp_ctx);
#endif /* OPENSSL_VERSION_NUMBER */
return SSH_OK;
}
@@ -247,8 +522,14 @@ int ssh_dh_compute_shared_secret(struct dh_ctx *dh_ctx, int local, int remote,
bignum *dest)
{
unsigned char *kstring = NULL;
int rc;
#if OPENSSL_VERSION_NUMBER < 0x30000000L
const_bignum pub_key = NULL;
int klen, rc;
int klen;
#else
size_t klen;
EVP_PKEY_CTX *evp_ctx = NULL;
#endif /* OPENSSL_VERSION_NUMBER */
if ((dh_ctx == NULL) ||
(dh_ctx->keypair[local] == NULL) ||
@@ -256,6 +537,7 @@ int ssh_dh_compute_shared_secret(struct dh_ctx *dh_ctx, int local, int remote,
return SSH_ERROR;
}
#if OPENSSL_VERSION_NUMBER < 0x30000000L
kstring = malloc(DH_size(dh_ctx->keypair[local]));
if (kstring == NULL) {
rc = SSH_ERROR;
@@ -273,6 +555,43 @@ int ssh_dh_compute_shared_secret(struct dh_ctx *dh_ctx, int local, int remote,
rc = SSH_ERROR;
goto done;
}
#else
evp_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, dh_ctx->keypair[local], NULL);
rc = EVP_PKEY_derive_init(evp_ctx);
if (rc != 1) {
rc = SSH_ERROR;
goto done;
}
rc = EVP_PKEY_derive_set_peer(evp_ctx, dh_ctx->keypair[remote]);
if (rc != 1) {
SSH_LOG(SSH_LOG_TRACE,
"Failed to set peer key: %s",
ERR_error_string(ERR_get_error(), NULL));
rc = SSH_ERROR;
goto done;
}
/* getting the size of the secret */
rc = EVP_PKEY_derive(evp_ctx, kstring, &klen);
if (rc != 1) {
rc = SSH_ERROR;
goto done;
}
kstring = malloc(klen);
if (kstring == NULL) {
rc = SSH_ERROR;
goto done;
}
rc = EVP_PKEY_derive(evp_ctx, kstring, &klen);
if (rc != 1) {
rc = SSH_ERROR;
goto done;
}
#endif /* OPENSSL_VERSION_NUMBER */
*dest = BN_bin2bn(kstring, klen, NULL);
if (*dest == NULL) {
@@ -282,6 +601,9 @@ int ssh_dh_compute_shared_secret(struct dh_ctx *dh_ctx, int local, int remote,
rc = SSH_OK;
done:
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
EVP_PKEY_CTX_free(evp_ctx);
#endif
free(kstring);
return rc;
}

356
src/ecdh_crypto.c
View File

@@ -30,15 +30,33 @@
#ifdef HAVE_ECDH
#include <openssl/ecdh.h>
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
#define NISTP256 NID_X9_62_prime256v1
#define NISTP384 NID_secp384r1
#define NISTP521 NID_secp521r1
#else
#include <openssl/evp.h>
#include <openssl/params.h>
#include <openssl/core_names.h>
#include "libcrypto-compat.h"
#endif /* OPENSSL_VERSION_NUMBER */
/** @internal
* @brief Map the given key exchange enum value to its curve name.
*/
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
static int ecdh_kex_type_to_curve(enum ssh_key_exchange_e kex_type) {
#else
static const char *ecdh_kex_type_to_curve(enum ssh_key_exchange_e kex_type) {
#endif /* OPENSSL_VERSION_NUMBER */
if (kex_type == SSH_KEX_ECDH_SHA2_NISTP256) {
return NISTP256;
} else if (kex_type == SSH_KEX_ECDH_SHA2_NISTP384) {
@@ -46,39 +64,94 @@ static int ecdh_kex_type_to_curve(enum ssh_key_exchange_e kex_type) {
} else if (kex_type == SSH_KEX_ECDH_SHA2_NISTP521) {
return NISTP521;
}
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
return SSH_ERROR;
#else
return NULL;
#endif
}
/** @internal
* @brief Starts ecdh-sha2-nistp256 key exchange
*/
int ssh_client_ecdh_init(ssh_session session){
int rc;
ssh_string client_pubkey;
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
EC_KEY *key;
const EC_GROUP *group;
const EC_POINT *pubkey;
ssh_string client_pubkey;
int curve;
int len;
int rc;
bignum_CTX ctx = BN_CTX_new();
if (ctx == NULL) {
return SSH_ERROR;
}
#else
const char *curve = NULL;
EVP_PKEY *key = NULL;
OSSL_PARAM *out_params = NULL;
const OSSL_PARAM *pubkey_param = NULL;
const uint8_t *pubkey = NULL;
size_t pubkey_len;
#endif /* OPENSSL_VERSION_NUMBER */
rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_KEX_ECDH_INIT);
if (rc < 0) {
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
BN_CTX_free(ctx);
#endif /* OPENSSL_VERSION_NUMBER */
return SSH_ERROR;
}
curve = ecdh_kex_type_to_curve(session->next_crypto->kex_type);
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
if (curve == SSH_ERROR) {
BN_CTX_free(ctx);
return SSH_ERROR;
}
key = EC_KEY_new_by_curve_name(curve);
if (key == NULL) {
BN_CTX_free(ctx);
#else
if (curve == NULL) {
return SSH_ERROR;
}
key = EVP_EC_gen(curve);
#endif /* OPENSSL_VERSION_NUMBER */
if (key == NULL) {
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
BN_CTX_free(ctx);
#endif /* OPENSSL_VERSION_NUMBER */
return SSH_ERROR;
}
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
group = EC_KEY_get0_group(key);
EC_KEY_generate_key(key);
@@ -97,10 +170,51 @@ int ssh_client_ecdh_init(ssh_session session){
EC_POINT_point2oct(group,pubkey,POINT_CONVERSION_UNCOMPRESSED,
ssh_string_data(client_pubkey),len,ctx);
BN_CTX_free(ctx);
#else
rc = EVP_PKEY_todata(key, EVP_PKEY_PUBLIC_KEY, &out_params);
if (rc != 1) {
EVP_PKEY_free(key);
return SSH_ERROR;
}
pubkey_param = OSSL_PARAM_locate_const(out_params, OSSL_PKEY_PARAM_PUB_KEY);
if (pubkey_param == NULL) {
EVP_PKEY_free(key);
OSSL_PARAM_free(out_params);
return SSH_ERROR;
}
rc = OSSL_PARAM_get_octet_string_ptr(pubkey_param,
(const void**)&pubkey,
&pubkey_len);
if (rc != 1) {
OSSL_PARAM_free(out_params);
EVP_PKEY_free(key);
return SSH_ERROR;
}
client_pubkey = ssh_string_new(pubkey_len);
if (client_pubkey == NULL) {
OSSL_PARAM_free(out_params);
EVP_PKEY_free(key);
return SSH_ERROR;
}
memcpy(ssh_string_data(client_pubkey), pubkey, pubkey_len);
OSSL_PARAM_free(out_params);
#endif /* OPENSSL_VERSION_NUMBER */
rc = ssh_buffer_add_ssh_string(session->out_buffer,client_pubkey);
if (rc < 0) {
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
EC_KEY_free(key);
#else
EVP_PKEY_free(key);
#endif /* OPENSSL_VERSION_NUMBER */
SSH_STRING_FREE(client_pubkey);
return SSH_ERROR;
}
@@ -118,7 +232,13 @@ int ssh_client_ecdh_init(ssh_session session){
}
int ecdh_build_k(ssh_session session) {
const EC_GROUP *group = EC_KEY_get0_group(session->next_crypto->ecdh_privkey);
struct ssh_crypto_struct *next_crypto = session->next_crypto;
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
const EC_GROUP *group = EC_KEY_get0_group(next_crypto->ecdh_privkey);
EC_POINT *pubkey;
void *buffer;
int rc;
@@ -127,7 +247,6 @@ int ecdh_build_k(ssh_session session) {
if (ctx == NULL) {
return -1;
}
pubkey = EC_POINT_new(group);
if (pubkey == NULL) {
bignum_ctx_free(ctx);
@@ -137,14 +256,14 @@ int ecdh_build_k(ssh_session session) {
if (session->server) {
rc = EC_POINT_oct2point(group,
pubkey,
ssh_string_data(session->next_crypto->ecdh_client_pubkey),
ssh_string_len(session->next_crypto->ecdh_client_pubkey),
ssh_string_data(next_crypto->ecdh_client_pubkey),
ssh_string_len(next_crypto->ecdh_client_pubkey),
ctx);
} else {
rc = EC_POINT_oct2point(group,
pubkey,
ssh_string_data(session->next_crypto->ecdh_server_pubkey),
ssh_string_len(session->next_crypto->ecdh_server_pubkey),
ssh_string_data(next_crypto->ecdh_server_pubkey),
ssh_string_len(next_crypto->ecdh_server_pubkey),
ctx);
}
bignum_ctx_free(ctx);
@@ -162,7 +281,7 @@ int ecdh_build_k(ssh_session session) {
rc = ECDH_compute_key(buffer,
len,
pubkey,
session->next_crypto->ecdh_privkey,
next_crypto->ecdh_privkey,
NULL);
EC_POINT_clear_free(pubkey);
if (rc <= 0) {
@@ -170,23 +289,121 @@ int ecdh_build_k(ssh_session session) {
return -1;
}
bignum_bin2bn(buffer, len, &session->next_crypto->shared_secret);
bignum_bin2bn(buffer, len, &next_crypto->shared_secret);
free(buffer);
if (session->next_crypto->shared_secret == NULL) {
EC_KEY_free(session->next_crypto->ecdh_privkey);
session->next_crypto->ecdh_privkey = NULL;
#else
EVP_PKEY *pubkey = NULL;
void *secret = NULL;
size_t secret_len;
int rc;
OSSL_PARAM params[2];
EVP_PKEY_CTX *dh_ctx = EVP_PKEY_CTX_new_from_pkey(NULL,
next_crypto->ecdh_privkey,
NULL);
EVP_PKEY_CTX *pubkey_ctx = EVP_PKEY_CTX_new_from_pkey(NULL,
next_crypto->ecdh_privkey,
NULL);
if (dh_ctx == NULL || pubkey_ctx == NULL) {
EVP_PKEY_CTX_free(dh_ctx);
EVP_PKEY_CTX_free(pubkey_ctx);
return -1;
}
EC_KEY_free(session->next_crypto->ecdh_privkey);
session->next_crypto->ecdh_privkey = NULL;
rc = EVP_PKEY_derive_init(dh_ctx);
if (rc != 1) {
EVP_PKEY_CTX_free(dh_ctx);
EVP_PKEY_CTX_free(pubkey_ctx);
return -1;
}
rc = EVP_PKEY_fromdata_init(pubkey_ctx);
if (rc != 1) {
EVP_PKEY_CTX_free(dh_ctx);
EVP_PKEY_CTX_free(pubkey_ctx);
return -1;
}
if (session->server) {
params[0] = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
ssh_string_data(next_crypto->ecdh_client_pubkey),
ssh_string_len(next_crypto->ecdh_client_pubkey));
} else {
params[0] = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
ssh_string_data(next_crypto->ecdh_server_pubkey),
ssh_string_len(next_crypto->ecdh_server_pubkey));
}
params[1] = OSSL_PARAM_construct_end();
rc = EVP_PKEY_fromdata(pubkey_ctx, &pubkey, EVP_PKEY_PUBLIC_KEY, params);
if (rc != 1) {
EVP_PKEY_CTX_free(dh_ctx);
EVP_PKEY_CTX_free(pubkey_ctx);
return -1;
}
EVP_PKEY_CTX_free(pubkey_ctx);
rc = EVP_PKEY_derive_set_peer(dh_ctx, pubkey);
if (rc != 1) {
EVP_PKEY_CTX_free(dh_ctx);
return -1;
}
/* get the max length of the secret */
rc = EVP_PKEY_derive(dh_ctx, NULL, &secret_len);
if (rc != 1) {
EVP_PKEY_CTX_free(dh_ctx);
return -1;
}
secret = malloc(secret_len);
if (secret == NULL) {
EVP_PKEY_CTX_free(dh_ctx);
return -1;
}
rc = EVP_PKEY_derive(dh_ctx, secret, &secret_len);
if (rc != 1) {
EVP_PKEY_CTX_free(dh_ctx);
return -1;
}
EVP_PKEY_CTX_free(dh_ctx);
bignum_bin2bn(secret, secret_len, &next_crypto->shared_secret);
free(secret);
#endif /* OPENSSL_VERSION_NUMBER */
if (next_crypto->shared_secret == NULL) {
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
EC_KEY_free(next_crypto->ecdh_privkey);
#else
EVP_PKEY_free(next_crypto->ecdh_privkey);
#endif /* OPENSSL_VERSION_NUMBER */
next_crypto->ecdh_privkey = NULL;
return -1;
}
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
EC_KEY_free(next_crypto->ecdh_privkey);
#else
EVP_PKEY_free(next_crypto->ecdh_privkey);
#endif /* OPENSSL_VERSION_NUMBER */
next_crypto->ecdh_privkey = NULL;
#ifdef DEBUG_CRYPTO
ssh_log_hexdump("Session server cookie",
session->next_crypto->server_kex.cookie, 16);
next_crypto->server_kex.cookie, 16);
ssh_log_hexdump("Session client cookie",
session->next_crypto->client_kex.cookie, 16);
ssh_print_bignum("Shared secret key", session->next_crypto->shared_secret);
#endif
next_crypto->client_kex.cookie, 16);
ssh_print_bignum("Shared secret key", next_crypto->shared_secret);
#endif /* DEBUG_CRYPTO */
return 0;
}
@@ -200,17 +417,30 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){
/* ECDH keys */
ssh_string q_c_string;
ssh_string q_s_string;
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
EC_KEY *ecdh_key;
const EC_GROUP *group;
const EC_POINT *ecdh_pubkey;
bignum_CTX ctx;
int curve;
int len;
#else
EVP_PKEY *ecdh_key = NULL;
const void *pubkey_ptr = NULL;
size_t len;
OSSL_PARAM *params = NULL;
const OSSL_PARAM *pubkey = NULL;
const char *curve = NULL;
#endif /* OPENSSL_VERSION_NUMBER */
/* SSH host keys (rsa,dsa,ecdsa) */
ssh_key privkey;
enum ssh_digest_e digest = SSH_DIGEST_AUTO;
ssh_string sig_blob = NULL;
ssh_string pubkey_blob = NULL;
int curve;
int len;
int rc;
(void)type;
(void)user;
@@ -224,23 +454,47 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){
}
session->next_crypto->ecdh_client_pubkey = q_c_string;
/* Build server's keypair */
ctx = BN_CTX_new();
curve = ecdh_kex_type_to_curve(session->next_crypto->kex_type);
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
if (curve == SSH_ERROR) {
BN_CTX_free(ctx);
return SSH_ERROR;
}
#else
if (curve == NULL) {
return SSH_ERROR;
}
#endif /* OPENSSL_VERSION_NUMBER */
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
ecdh_key = EC_KEY_new_by_curve_name(curve);
#else
ecdh_key = EVP_EC_gen(curve);
#endif /* OPENSSL_VERSION_NUMBER */
if (ecdh_key == NULL) {
ssh_set_error_oom(session);
BN_CTX_free(ctx);
goto error;
}
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
/* Build server's keypair */
ctx = BN_CTX_new();
if (ctx == NULL) {
EC_KEY_free(ecdh_key);
return SSH_ERROR;
}
group = EC_KEY_get0_group(ecdh_key);
EC_KEY_generate_key(ecdh_key);
@@ -251,14 +505,47 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){
NULL,
0,
ctx);
#else
rc = EVP_PKEY_todata(ecdh_key, EVP_PKEY_PUBLIC_KEY, &params);
if (rc != 1) {
EVP_PKEY_free(ecdh_key);
return SSH_ERROR;
}
pubkey = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY);
if (pubkey == NULL) {
OSSL_PARAM_free(params);
EVP_PKEY_free(ecdh_key);
return SSH_ERROR;
}
rc = OSSL_PARAM_get_octet_string_ptr(pubkey, &pubkey_ptr, &len);
if (rc != 1) {
OSSL_PARAM_free(params);
EVP_PKEY_free(ecdh_key);
return SSH_ERROR;
}
#endif /* OPENSSL_VERSION_NUMBER */
q_s_string = ssh_string_new(len);
if (q_s_string == NULL) {
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
EC_KEY_free(ecdh_key);
BN_CTX_free(ctx);
#else
EVP_PKEY_free(ecdh_key);
#endif /* OPENSSL_VERSION_NUMBER */
goto error;
}
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
EC_POINT_point2oct(group,
ecdh_pubkey,
POINT_CONVERSION_UNCOMPRESSED,
@@ -266,6 +553,15 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){
len,
ctx);
BN_CTX_free(ctx);
#else
if (memcpy(ssh_string_data(q_s_string), pubkey_ptr, len)) {
OSSL_PARAM_free(params);
EVP_PKEY_free(ecdh_key);
return SSH_ERROR;
}
OSSL_PARAM_free(params);
#endif /* OPENSSL_VERSION_NUMBER */
session->next_crypto->ecdh_privkey = ecdh_key;
session->next_crypto->ecdh_server_pubkey = q_s_string;

1110
src/pki_crypto.c
View File

File diff suppressed because it is too large Load Diff