2023-05-16 13:50:52 +00:00
|
|
|
diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac openssh-8.7p1/dh.c openssh-8.7p1-patched/dh.c
|
|
|
|
--- openssh-8.7p1/dh.c 2023-05-16 15:38:53.461326047 +0200
|
|
|
|
+++ openssh-8.7p1-patched/dh.c 2023-05-16 15:37:14.785260359 +0200
|
|
|
|
@@ -37,6 +37,9 @@
|
2023-05-03 13:52:40 +00:00
|
|
|
#include <openssl/bn.h>
|
|
|
|
#include <openssl/dh.h>
|
|
|
|
#include <openssl/fips.h>
|
|
|
|
+#include <openssl/evp.h>
|
|
|
|
+#include <openssl/core_names.h>
|
|
|
|
+#include <openssl/param_build.h>
|
|
|
|
|
|
|
|
#include "dh.h"
|
|
|
|
#include "pathnames.h"
|
2023-05-16 13:50:52 +00:00
|
|
|
@@ -290,10 +293,15 @@
|
2023-05-03 13:52:40 +00:00
|
|
|
int
|
|
|
|
dh_gen_key(DH *dh, int need)
|
|
|
|
{
|
|
|
|
- int pbits;
|
|
|
|
- const BIGNUM *dh_p, *pub_key;
|
|
|
|
+ const BIGNUM *dh_p, *dh_g;
|
|
|
|
+ BIGNUM *pub_key = NULL, *priv_key = NULL;
|
|
|
|
+ EVP_PKEY *pkey = NULL;
|
|
|
|
+ EVP_PKEY_CTX *ctx = NULL;
|
|
|
|
+ OSSL_PARAM_BLD *param_bld = NULL;
|
|
|
|
+ OSSL_PARAM *params = NULL;
|
|
|
|
+ int pbits, r = 0;
|
|
|
|
|
|
|
|
- DH_get0_pqg(dh, &dh_p, NULL, NULL);
|
|
|
|
+ DH_get0_pqg(dh, &dh_p, NULL, &dh_g);
|
|
|
|
|
|
|
|
if (need < 0 || dh_p == NULL ||
|
|
|
|
(pbits = BN_num_bits(dh_p)) <= 0 ||
|
2023-05-16 13:50:52 +00:00
|
|
|
@@ -301,19 +309,85 @@
|
2023-05-03 13:52:40 +00:00
|
|
|
return SSH_ERR_INVALID_ARGUMENT;
|
|
|
|
if (need < 256)
|
|
|
|
need = 256;
|
|
|
|
+
|
|
|
|
+ if ((param_bld = OSSL_PARAM_BLD_new()) == NULL ||
|
|
|
|
+ (ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL)) == NULL) {
|
|
|
|
+ OSSL_PARAM_BLD_free(param_bld);
|
|
|
|
+ return SSH_ERR_ALLOC_FAIL;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ if (OSSL_PARAM_BLD_push_BN(param_bld,
|
|
|
|
+ OSSL_PKEY_PARAM_FFC_P, dh_p) != 1 ||
|
|
|
|
+ OSSL_PARAM_BLD_push_BN(param_bld,
|
|
|
|
+ OSSL_PKEY_PARAM_FFC_G, dh_g) != 1) {
|
|
|
|
+ error_f("Could not set p,q,g parameters");
|
|
|
|
+ r = SSH_ERR_LIBCRYPTO_ERROR;
|
|
|
|
+ goto out;
|
|
|
|
+ }
|
|
|
|
/*
|
|
|
|
* Pollard Rho, Big step/Little Step attacks are O(sqrt(n)),
|
|
|
|
* so double requested need here.
|
|
|
|
*/
|
|
|
|
- if (!DH_set_length(dh, MINIMUM(need * 2, pbits - 1)))
|
|
|
|
- return SSH_ERR_LIBCRYPTO_ERROR;
|
|
|
|
-
|
|
|
|
- if (DH_generate_key(dh) == 0)
|
|
|
|
- return SSH_ERR_LIBCRYPTO_ERROR;
|
|
|
|
- DH_get0_key(dh, &pub_key, NULL);
|
|
|
|
- if (!dh_pub_is_valid(dh, pub_key))
|
|
|
|
- return SSH_ERR_INVALID_FORMAT;
|
|
|
|
- return 0;
|
|
|
|
+ if (OSSL_PARAM_BLD_push_int(param_bld,
|
|
|
|
+ OSSL_PKEY_PARAM_DH_PRIV_LEN,
|
|
|
|
+ MINIMUM(need * 2, pbits - 1)) != 1 ||
|
|
|
|
+ (params = OSSL_PARAM_BLD_to_param(param_bld)) == NULL) {
|
|
|
|
+ r = SSH_ERR_LIBCRYPTO_ERROR;
|
|
|
|
+ goto out;
|
|
|
|
+ }
|
|
|
|
+ if (EVP_PKEY_fromdata_init(ctx) != 1) {
|
|
|
|
+ r = SSH_ERR_LIBCRYPTO_ERROR;
|
|
|
|
+ goto out;
|
|
|
|
+ }
|
|
|
|
+ if (EVP_PKEY_fromdata(ctx, &pkey,
|
|
|
|
+ EVP_PKEY_KEY_PARAMETERS, params) != 1) {
|
|
|
|
+ error_f("Failed key generation");
|
|
|
|
+ r = SSH_ERR_LIBCRYPTO_ERROR;
|
|
|
|
+ goto out;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ /* reuse context for key generation */
|
|
|
|
+ EVP_PKEY_CTX_free(ctx);
|
|
|
|
+ ctx = NULL;
|
|
|
|
+
|
|
|
|
+ if ((ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL)) == NULL ||
|
|
|
|
+ EVP_PKEY_keygen_init(ctx) != 1) {
|
|
|
|
+ error_f("Could not create or init context");
|
|
|
|
+ r = SSH_ERR_LIBCRYPTO_ERROR;
|
|
|
|
+ goto out;
|
|
|
|
+ }
|
|
|
|
+ if (EVP_PKEY_generate(ctx, &pkey) != 1) {
|
|
|
|
+ error_f("Could not generate keys");
|
|
|
|
+ r = SSH_ERR_LIBCRYPTO_ERROR;
|
|
|
|
+ goto out;
|
|
|
|
+ }
|
|
|
|
+ if (EVP_PKEY_public_check(ctx) != 1) {
|
|
|
|
+ error_f("The public key is incorrect");
|
|
|
|
+ r = SSH_ERR_LIBCRYPTO_ERROR;
|
|
|
|
+ goto out;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PUB_KEY,
|
|
|
|
+ &pub_key) != 1 ||
|
|
|
|
+ EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PRIV_KEY,
|
|
|
|
+ &priv_key) != 1 ||
|
|
|
|
+ DH_set0_key(dh, pub_key, priv_key) != 1) {
|
|
|
|
+ error_f("Could not set pub/priv keys to DH struct");
|
|
|
|
+ r = SSH_ERR_LIBCRYPTO_ERROR;
|
|
|
|
+ goto out;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ /* transferred */
|
|
|
|
+ pub_key = NULL;
|
|
|
|
+ priv_key = NULL;
|
|
|
|
+out:
|
|
|
|
+ OSSL_PARAM_free(params);
|
|
|
|
+ OSSL_PARAM_BLD_free(param_bld);
|
|
|
|
+ EVP_PKEY_CTX_free(ctx);
|
|
|
|
+ EVP_PKEY_free(pkey);
|
|
|
|
+ BN_clear_free(pub_key);
|
|
|
|
+ BN_clear_free(priv_key);
|
|
|
|
+ return r;
|
|
|
|
}
|
|
|
|
|
|
|
|
DH *
|
2023-05-16 13:50:52 +00:00
|
|
|
diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac openssh-8.7p1/kex.c openssh-8.7p1-patched/kex.c
|
|
|
|
--- openssh-8.7p1/kex.c 2023-05-16 15:38:53.465326090 +0200
|
|
|
|
+++ openssh-8.7p1-patched/kex.c 2023-05-16 15:37:14.785260359 +0200
|
|
|
|
@@ -1603,3 +1603,47 @@
|
2023-05-03 13:52:40 +00:00
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
|
|
|
+#ifdef WITH_OPENSSL
|
|
|
|
+/*
|
|
|
|
+ * Creates an EVP_PKEY from the given parameters and keys.
|
|
|
|
+ * The private key can be omitted.
|
|
|
|
+ */
|
|
|
|
+int
|
|
|
|
+kex_create_evp_dh(EVP_PKEY **pkey, const BIGNUM *p, const BIGNUM *q,
|
|
|
|
+ const BIGNUM *g, const BIGNUM *pub, const BIGNUM *priv)
|
|
|
|
+{
|
|
|
|
+ OSSL_PARAM_BLD *param_bld = NULL;
|
|
|
|
+ EVP_PKEY_CTX *ctx = NULL;
|
|
|
|
+ int r = 0;
|
|
|
|
+
|
|
|
|
+ /* create EVP_PKEY-DH key */
|
|
|
|
+ if ((ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL)) == NULL ||
|
|
|
|
+ (param_bld = OSSL_PARAM_BLD_new()) == NULL) {
|
|
|
|
+ error_f("EVP_PKEY_CTX or PARAM_BLD init failed");
|
|
|
|
+ r = SSH_ERR_ALLOC_FAIL;
|
|
|
|
+ goto out;
|
|
|
|
+ }
|
|
|
|
+ if (OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_P, p) != 1 ||
|
|
|
|
+ OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_Q, q) != 1 ||
|
|
|
|
+ OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_G, g) != 1 ||
|
|
|
|
+ OSSL_PARAM_BLD_push_BN(param_bld,
|
|
|
|
+ OSSL_PKEY_PARAM_PUB_KEY, pub) != 1) {
|
|
|
|
+ error_f("Failed pushing params to OSSL_PARAM_BLD");
|
|
|
|
+ r = SSH_ERR_LIBCRYPTO_ERROR;
|
|
|
|
+ goto out;
|
|
|
|
+ }
|
|
|
|
+ if (priv != NULL &&
|
|
|
|
+ OSSL_PARAM_BLD_push_BN(param_bld,
|
|
|
|
+ OSSL_PKEY_PARAM_PRIV_KEY, priv) != 1) {
|
|
|
|
+ error_f("Failed pushing private key to OSSL_PARAM_BLD");
|
|
|
|
+ r = SSH_ERR_LIBCRYPTO_ERROR;
|
|
|
|
+ goto out;
|
|
|
|
+ }
|
|
|
|
+ if ((*pkey = sshkey_create_evp(param_bld, ctx)) == NULL)
|
|
|
|
+ r = SSH_ERR_LIBCRYPTO_ERROR;
|
|
|
|
+out:
|
|
|
|
+ OSSL_PARAM_BLD_free(param_bld);
|
|
|
|
+ EVP_PKEY_CTX_free(ctx);
|
|
|
|
+ return r;
|
|
|
|
+}
|
|
|
|
+#endif /* WITH_OPENSSL */
|
2023-05-16 13:50:52 +00:00
|
|
|
diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac openssh-8.7p1/kexdh.c openssh-8.7p1-patched/kexdh.c
|
|
|
|
--- openssh-8.7p1/kexdh.c 2023-05-16 15:38:53.403325420 +0200
|
|
|
|
+++ openssh-8.7p1-patched/kexdh.c 2023-05-16 15:37:34.097468928 +0200
|
|
|
|
@@ -35,6 +35,10 @@
|
2023-05-03 13:52:40 +00:00
|
|
|
|
|
|
|
#include "openbsd-compat/openssl-compat.h"
|
|
|
|
#include <openssl/dh.h>
|
2023-05-16 13:50:52 +00:00
|
|
|
+#include <openssl/err.h>
|
2023-05-03 13:52:40 +00:00
|
|
|
+#include <openssl/evp.h>
|
|
|
|
+#include <openssl/core_names.h>
|
|
|
|
+#include <openssl/param_build.h>
|
|
|
|
|
|
|
|
#include "sshkey.h"
|
|
|
|
#include "kex.h"
|
2023-05-16 13:50:52 +00:00
|
|
|
@@ -83,9 +87,12 @@
|
2023-05-03 13:52:40 +00:00
|
|
|
kex_dh_compute_key(struct kex *kex, BIGNUM *dh_pub, struct sshbuf *out)
|
|
|
|
{
|
|
|
|
BIGNUM *shared_secret = NULL;
|
|
|
|
+ const BIGNUM *pub, *priv, *p, *q, *g;
|
|
|
|
+ EVP_PKEY *pkey = NULL, *dh_pkey = NULL;
|
|
|
|
+ EVP_PKEY_CTX *ctx = NULL;
|
|
|
|
u_char *kbuf = NULL;
|
|
|
|
size_t klen = 0;
|
2023-05-16 13:50:52 +00:00
|
|
|
- int kout, r;
|
|
|
|
+ int kout, r = 0;
|
|
|
|
|
|
|
|
#ifdef DEBUG_KEXDH
|
|
|
|
fprintf(stderr, "dh_pub= ");
|
|
|
|
@@ -100,24 +107,64 @@
|
|
|
|
r = SSH_ERR_MESSAGE_INCOMPLETE;
|
2023-05-03 13:52:40 +00:00
|
|
|
goto out;
|
|
|
|
}
|
2023-05-16 13:50:52 +00:00
|
|
|
- klen = DH_size(kex->dh);
|
2023-05-03 13:52:40 +00:00
|
|
|
+
|
|
|
|
+ DH_get0_key(kex->dh, &pub, &priv);
|
|
|
|
+ DH_get0_pqg(kex->dh, &p, &q, &g);
|
|
|
|
+ /* import key */
|
2023-05-16 13:50:52 +00:00
|
|
|
+ r = kex_create_evp_dh(&pkey, p, q, g, pub, priv);
|
|
|
|
+ if (r != 0) {
|
|
|
|
+ error_f("Could not create EVP_PKEY for dh");
|
|
|
|
+ ERR_print_errors_fp(stderr);
|
|
|
|
+ goto out;
|
|
|
|
+ }
|
2023-05-03 13:52:40 +00:00
|
|
|
+ /* import peer key
|
|
|
|
+ * the parameters should be the same as with pkey
|
|
|
|
+ */
|
2023-05-16 13:50:52 +00:00
|
|
|
+ debug_f("import peer key to evp");
|
|
|
|
+ r = kex_create_evp_dh(&dh_pkey, p, q, g, dh_pub, NULL);
|
|
|
|
+ if (r != 0) {
|
|
|
|
+ error_f("Could not import peer key for dh");
|
|
|
|
+ ERR_print_errors_fp(stderr);
|
|
|
|
+ goto out;
|
|
|
|
+ }
|
2023-05-03 13:52:40 +00:00
|
|
|
+
|
2023-05-16 13:50:52 +00:00
|
|
|
+ debug_f("creating EVP_PKEY_CTX");
|
2023-05-03 13:52:40 +00:00
|
|
|
+ if ((ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL)) == NULL) {
|
|
|
|
+ error_f("Could not init EVP_PKEY_CTX for dh");
|
|
|
|
+ r = SSH_ERR_ALLOC_FAIL;
|
|
|
|
+ goto out;
|
|
|
|
+ }
|
2023-05-16 13:50:52 +00:00
|
|
|
+ debug_f("Deriving - init context");
|
2023-05-03 13:52:40 +00:00
|
|
|
+ if (EVP_PKEY_derive_init(ctx) != 1 ||
|
|
|
|
+ EVP_PKEY_derive_set_peer(ctx, dh_pkey) != 1 ||
|
2023-05-16 13:50:52 +00:00
|
|
|
+ EVP_PKEY_derive(ctx, NULL, &klen) != 1) {
|
|
|
|
+ error_f("Could not get key size");
|
|
|
|
+ r = SSH_ERR_LIBCRYPTO_ERROR;
|
|
|
|
+ goto out;
|
|
|
|
+ }
|
|
|
|
+ debug_f("Deriving - buffer size is %d", (int)klen);
|
|
|
|
if ((kbuf = malloc(klen)) == NULL ||
|
|
|
|
(shared_secret = BN_new()) == NULL) {
|
|
|
|
r = SSH_ERR_ALLOC_FAIL;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
- if ((kout = DH_compute_key(kbuf, dh_pub, kex->dh)) < 0 ||
|
|
|
|
- BN_bin2bn(kbuf, kout, shared_secret) == NULL) {
|
|
|
|
+ debug_f("Deriving - using real buffer");
|
|
|
|
+ if (EVP_PKEY_derive(ctx, kbuf, &klen) != 1 ||
|
2023-05-03 13:52:40 +00:00
|
|
|
+ BN_bin2bn(kbuf, klen, shared_secret) == NULL) {
|
|
|
|
+ error_f("Could not derive key");
|
|
|
|
r = SSH_ERR_LIBCRYPTO_ERROR;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
#ifdef DEBUG_KEXDH
|
|
|
|
- dump_digest("shared secret", kbuf, kout);
|
|
|
|
+ dump_digest("shared secret", kbuf, klen);
|
|
|
|
#endif
|
|
|
|
r = sshbuf_put_bignum2(out, shared_secret);
|
|
|
|
out:
|
|
|
|
freezero(kbuf, klen);
|
|
|
|
BN_clear_free(shared_secret);
|
|
|
|
+ EVP_PKEY_free(pkey);
|
|
|
|
+ EVP_PKEY_free(dh_pkey);
|
|
|
|
+ EVP_PKEY_CTX_free(ctx);
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
2023-05-16 13:50:52 +00:00
|
|
|
diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac openssh-8.7p1/kex.h openssh-8.7p1-patched/kex.h
|
|
|
|
--- openssh-8.7p1/kex.h 2023-05-16 15:38:53.465326090 +0200
|
|
|
|
+++ openssh-8.7p1-patched/kex.h 2023-05-16 15:37:14.786260370 +0200
|
2023-05-03 13:52:40 +00:00
|
|
|
@@ -33,6 +33,9 @@
|
|
|
|
# include <openssl/bn.h>
|
|
|
|
# include <openssl/dh.h>
|
|
|
|
# include <openssl/ecdsa.h>
|
|
|
|
+# include <openssl/evp.h>
|
|
|
|
+# include <openssl/core_names.h>
|
|
|
|
+# include <openssl/param_build.h>
|
|
|
|
# ifdef OPENSSL_HAS_ECC
|
|
|
|
# include <openssl/ec.h>
|
|
|
|
# else /* OPENSSL_HAS_ECC */
|
|
|
|
@@ -278,6 +281,8 @@
|
|
|
|
const u_char pub[CURVE25519_SIZE], struct sshbuf *out, int)
|
|
|
|
__attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
|
|
|
|
__attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
|
|
|
|
+int kex_create_evp_dh(EVP_PKEY **, const BIGNUM *, const BIGNUM *,
|
|
|
|
+ const BIGNUM *, const BIGNUM *, const BIGNUM *);
|
|
|
|
|
|
|
|
#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH)
|
|
|
|
void dump_digest(const char *, const u_char *, int);
|