libssh/SOURCES/CVE-2023-6918.patch

1582 lines
39 KiB
Diff

From 610d7a09f99c601224ae2aa3d3de7e75b1d284dd Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 15 Dec 2023 10:30:09 +0100
Subject: [PATCH 1/5] CVE-2023-6918: kdf: Reformat
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
src/kdf.c | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/src/kdf.c b/src/kdf.c
index 44f06631..987ae972 100644
--- a/src/kdf.c
+++ b/src/kdf.c
@@ -58,7 +58,7 @@ static ssh_mac_ctx ssh_mac_ctx_init(enum ssh_kdf_digest type)
}
ctx->digest_type = type;
- switch(type){
+ switch (type) {
case SSH_KDF_SHA1:
ctx->ctx.sha1_ctx = sha1_init();
return ctx;
@@ -79,7 +79,7 @@ static ssh_mac_ctx ssh_mac_ctx_init(enum ssh_kdf_digest type)
static void ssh_mac_update(ssh_mac_ctx ctx, const void *data, size_t len)
{
- switch(ctx->digest_type){
+ switch (ctx->digest_type) {
case SSH_KDF_SHA1:
sha1_update(ctx->ctx.sha1_ctx, data, len);
break;
@@ -97,26 +97,28 @@ static void ssh_mac_update(ssh_mac_ctx ctx, const void *data, size_t len)
static void ssh_mac_final(unsigned char *md, ssh_mac_ctx ctx)
{
- switch(ctx->digest_type){
+ switch (ctx->digest_type) {
case SSH_KDF_SHA1:
- sha1_final(md,ctx->ctx.sha1_ctx);
+ sha1_final(md, ctx->ctx.sha1_ctx);
break;
case SSH_KDF_SHA256:
- sha256_final(md,ctx->ctx.sha256_ctx);
+ sha256_final(md, ctx->ctx.sha256_ctx);
break;
case SSH_KDF_SHA384:
- sha384_final(md,ctx->ctx.sha384_ctx);
+ sha384_final(md, ctx->ctx.sha384_ctx);
break;
case SSH_KDF_SHA512:
- sha512_final(md,ctx->ctx.sha512_ctx);
+ sha512_final(md, ctx->ctx.sha512_ctx);
break;
}
SAFE_FREE(ctx);
}
int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
- unsigned char *key, size_t key_len,
- uint8_t key_type, unsigned char *output,
+ unsigned char *key,
+ size_t key_len,
+ uint8_t key_type,
+ unsigned char *output,
size_t requested_len)
{
/* Can't use VLAs with Visual Studio, so allocate the biggest
--
2.41.0
From 63ff242131c8e6d98917456f71f6d33b9ef3a763 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 15 Dec 2023 12:55:27 +0100
Subject: [PATCH 2/5] CVE-2023-6918: Remove unused evp functions and types
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
include/libssh/libcrypto.h | 5 ---
include/libssh/libgcrypt.h | 1 -
include/libssh/libmbedcrypto.h | 1 -
include/libssh/wrapper.h | 4 --
src/libcrypto.c | 54 -------------------------
src/libgcrypt.c | 53 ------------------------
src/libmbedcrypto.c | 74 ----------------------------------
7 files changed, 192 deletions(-)
diff --git a/include/libssh/libcrypto.h b/include/libssh/libcrypto.h
index 16e5f98f..87f30a4d 100644
--- a/include/libssh/libcrypto.h
+++ b/include/libssh/libcrypto.h
@@ -39,11 +39,6 @@ typedef EVP_MD_CTX* SHA384CTX;
typedef EVP_MD_CTX* SHA512CTX;
typedef EVP_MD_CTX* MD5CTX;
typedef EVP_MD_CTX* HMACCTX;
-#ifdef HAVE_ECC
-typedef EVP_MD_CTX *EVPCTX;
-#else
-typedef void *EVPCTX;
-#endif
#define SHA_DIGEST_LEN SHA_DIGEST_LENGTH
#define SHA256_DIGEST_LEN SHA256_DIGEST_LENGTH
diff --git a/include/libssh/libgcrypt.h b/include/libssh/libgcrypt.h
index e4087fd2..c6afc22e 100644
--- a/include/libssh/libgcrypt.h
+++ b/include/libssh/libgcrypt.h
@@ -32,7 +32,6 @@ typedef gcry_md_hd_t SHA384CTX;
typedef gcry_md_hd_t SHA512CTX;
typedef gcry_md_hd_t MD5CTX;
typedef gcry_md_hd_t HMACCTX;
-typedef gcry_md_hd_t EVPCTX;
#define SHA_DIGEST_LENGTH 20
#define SHA_DIGEST_LEN SHA_DIGEST_LENGTH
#define MD5_DIGEST_LEN 16
diff --git a/include/libssh/libmbedcrypto.h b/include/libssh/libmbedcrypto.h
index e6fc393c..540a025b 100644
--- a/include/libssh/libmbedcrypto.h
+++ b/include/libssh/libmbedcrypto.h
@@ -41,7 +41,6 @@ typedef mbedtls_md_context_t *SHA384CTX;
typedef mbedtls_md_context_t *SHA512CTX;
typedef mbedtls_md_context_t *MD5CTX;
typedef mbedtls_md_context_t *HMACCTX;
-typedef mbedtls_md_context_t *EVPCTX;
#define SHA_DIGEST_LENGTH 20
#define SHA_DIGEST_LEN SHA_DIGEST_LENGTH
diff --git a/include/libssh/wrapper.h b/include/libssh/wrapper.h
index 36589cff..07e64018 100644
--- a/include/libssh/wrapper.h
+++ b/include/libssh/wrapper.h
@@ -95,10 +95,6 @@ void sha512_update(SHA512CTX c, const void *data, size_t len);
void sha512_final(unsigned char *md,SHA512CTX c);
void sha512(const unsigned char *digest, size_t len, unsigned char *hash);
-void evp(int nid, unsigned char *digest, size_t len, unsigned char *hash, unsigned int *hlen);
-EVPCTX evp_init(int nid);
-void evp_update(EVPCTX ctx, const void *data, size_t len);
-void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen);
HMACCTX hmac_init(const void *key,size_t len, enum ssh_hmac_e type);
int hmac_update(HMACCTX c, const void *data, size_t len);
diff --git a/src/libcrypto.c b/src/libcrypto.c
index ebdca6e0..4f945d90 100644
--- a/src/libcrypto.c
+++ b/src/libcrypto.c
@@ -125,60 +125,6 @@ ENGINE *pki_get_engine(void)
return engine;
}
-#ifdef HAVE_OPENSSL_ECC
-static const EVP_MD *nid_to_evpmd(int nid)
-{
- switch (nid) {
- case NID_X9_62_prime256v1:
- return EVP_sha256();
- case NID_secp384r1:
- return EVP_sha384();
- case NID_secp521r1:
- return EVP_sha512();
- default:
- return NULL;
- }
-
- return NULL;
-}
-
-void evp(int nid, unsigned char *digest, size_t len, unsigned char *hash, unsigned int *hlen)
-{
- const EVP_MD *evp_md = nid_to_evpmd(nid);
- EVP_MD_CTX *md = EVP_MD_CTX_new();
-
- EVP_DigestInit(md, evp_md);
- EVP_DigestUpdate(md, digest, len);
- EVP_DigestFinal(md, hash, hlen);
- EVP_MD_CTX_free(md);
-}
-
-EVPCTX evp_init(int nid)
-{
- const EVP_MD *evp_md = nid_to_evpmd(nid);
-
- EVPCTX ctx = EVP_MD_CTX_new();
- if (ctx == NULL) {
- return NULL;
- }
-
- EVP_DigestInit(ctx, evp_md);
-
- return ctx;
-}
-
-void evp_update(EVPCTX ctx, const void *data, size_t len)
-{
- EVP_DigestUpdate(ctx, data, len);
-}
-
-void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen)
-{
- EVP_DigestFinal(ctx, md, mdlen);
- EVP_MD_CTX_free(ctx);
-}
-#endif /* HAVE_OPENSSL_ECC */
-
#ifdef HAVE_OPENSSL_EVP_KDF_CTX
#if OPENSSL_VERSION_NUMBER < 0x30000000L
static const EVP_MD *sshkdf_digest_to_md(enum ssh_kdf_digest digest_type)
diff --git a/src/libgcrypt.c b/src/libgcrypt.c
index 2e44a53c..f410d997 100644
--- a/src/libgcrypt.c
+++ b/src/libgcrypt.c
@@ -69,59 +69,6 @@ static int alloc_key(struct ssh_cipher_struct *cipher) {
void ssh_reseed(void){
}
-#ifdef HAVE_GCRYPT_ECC
-static int nid_to_md_algo(int nid)
-{
- switch (nid) {
- case NID_gcrypt_nistp256:
- return GCRY_MD_SHA256;
- case NID_gcrypt_nistp384:
- return GCRY_MD_SHA384;
- case NID_gcrypt_nistp521:
- return GCRY_MD_SHA512;
- }
- return GCRY_MD_NONE;
-}
-
-void evp(int nid, unsigned char *digest, size_t len,
- unsigned char *hash, unsigned int *hlen)
-{
- int algo = nid_to_md_algo(nid);
-
- /* Note: What gcrypt calls 'hash' is called 'digest' here and
- vice-versa. */
- gcry_md_hash_buffer(algo, hash, digest, len);
- *hlen = gcry_md_get_algo_dlen(algo);
-}
-
-EVPCTX evp_init(int nid)
-{
- gcry_error_t err;
- int algo = nid_to_md_algo(nid);
- EVPCTX ctx;
-
- err = gcry_md_open(&ctx, algo, 0);
- if (err) {
- return NULL;
- }
-
- return ctx;
-}
-
-void evp_update(EVPCTX ctx, const void *data, size_t len)
-{
- gcry_md_write(ctx, data, len);
-}
-
-void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen)
-{
- int algo = gcry_md_get_algo(ctx);
- *mdlen = gcry_md_get_algo_dlen(algo);
- memcpy(md, gcry_md_read(ctx, algo), *mdlen);
- gcry_md_close(ctx);
-}
-#endif
-
int ssh_kdf(struct ssh_crypto_struct *crypto,
unsigned char *key, size_t key_len,
uint8_t key_type, unsigned char *output,
diff --git a/src/libmbedcrypto.c b/src/libmbedcrypto.c
index 594e5369..caa3b6e9 100644
--- a/src/libmbedcrypto.c
+++ b/src/libmbedcrypto.c
@@ -51,80 +51,6 @@ void ssh_reseed(void)
mbedtls_ctr_drbg_reseed(&ssh_mbedtls_ctr_drbg, NULL, 0);
}
-static mbedtls_md_type_t nid_to_md_algo(int nid)
-{
- switch (nid) {
- case NID_mbedtls_nistp256:
- return MBEDTLS_MD_SHA256;
- case NID_mbedtls_nistp384:
- return MBEDTLS_MD_SHA384;
- case NID_mbedtls_nistp521:
- return MBEDTLS_MD_SHA512;
- }
- return MBEDTLS_MD_NONE;
-}
-
-void evp(int nid, unsigned char *digest, size_t len,
- unsigned char *hash, unsigned int *hlen)
-{
- mbedtls_md_type_t algo = nid_to_md_algo(nid);
- const mbedtls_md_info_t *md_info =
- mbedtls_md_info_from_type(algo);
-
-
- if (md_info != NULL) {
- *hlen = mbedtls_md_get_size(md_info);
- mbedtls_md(md_info, digest, len, hash);
- }
-}
-
-EVPCTX evp_init(int nid)
-{
- EVPCTX ctx = NULL;
- int rc;
- mbedtls_md_type_t algo = nid_to_md_algo(nid);
- const mbedtls_md_info_t *md_info =
- mbedtls_md_info_from_type(algo);
-
- if (md_info == NULL) {
- return NULL;
- }
-
- ctx = malloc(sizeof(mbedtls_md_context_t));
- if (ctx == NULL) {
- return NULL;
- }
-
- mbedtls_md_init(ctx);
-
- rc = mbedtls_md_setup(ctx, md_info, 0);
- if (rc != 0) {
- SAFE_FREE(ctx);
- return NULL;
- }
-
- rc = mbedtls_md_starts(ctx);
- if (rc != 0) {
- SAFE_FREE(ctx);
- return NULL;
- }
-
- return ctx;
-}
-
-void evp_update(EVPCTX ctx, const void *data, size_t len)
-{
- mbedtls_md_update(ctx, data, len);
-}
-
-void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen)
-{
- *mdlen = mbedtls_md_get_size(ctx->MBEDTLS_PRIVATE(md_info));
- mbedtls_md_finish(ctx, md);
- mbedtls_md_free(ctx);
- SAFE_FREE(ctx);
-}
-
int ssh_kdf(struct ssh_crypto_struct *crypto,
unsigned char *key, size_t key_len,
uint8_t key_type, unsigned char *output,
--
2.41.0
From 8b66d037d575e5f3ce4d35964547ff8c7e75ff8e Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 15 Dec 2023 12:55:54 +0100
Subject: [PATCH 3/5] CVE-2023-6918: Systematically check return values when
calculating digests
with all crypto backends
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
include/libssh/wrapper.h | 34 ++++----
src/kdf.c | 96 ++++++++++++++++++-----
src/md_crypto.c | 161 ++++++++++++++++++++++++++++++--------
src/md_gcrypt.c | 107 +++++++++++++++++++++----
src/md_mbedcrypto.c | 165 +++++++++++++++++++++++++++++++--------
src/session.c | 72 ++++++++++++-----
6 files changed, 504 insertions(+), 131 deletions(-)
diff --git a/include/libssh/wrapper.h b/include/libssh/wrapper.h
index 07e64018..b3e28eac 100644
--- a/include/libssh/wrapper.h
+++ b/include/libssh/wrapper.h
@@ -72,29 +72,33 @@ struct ssh_crypto_struct;
typedef struct ssh_mac_ctx_struct *ssh_mac_ctx;
MD5CTX md5_init(void);
-void md5_update(MD5CTX c, const void *data, size_t len);
-void md5_final(unsigned char *md,MD5CTX c);
+void md5_ctx_free(MD5CTX);
+int md5_update(MD5CTX c, const void *data, size_t len);
+int md5_final(unsigned char *md, MD5CTX c);
SHACTX sha1_init(void);
-void sha1_update(SHACTX c, const void *data, size_t len);
-void sha1_final(unsigned char *md,SHACTX c);
-void sha1(const unsigned char *digest,size_t len,unsigned char *hash);
+void sha1_ctx_free(SHACTX);
+int sha1_update(SHACTX c, const void *data, size_t len);
+int sha1_final(unsigned char *md,SHACTX c);
+int sha1(const unsigned char *digest,size_t len, unsigned char *hash);
SHA256CTX sha256_init(void);
-void sha256_update(SHA256CTX c, const void *data, size_t len);
-void sha256_final(unsigned char *md,SHA256CTX c);
-void sha256(const unsigned char *digest, size_t len, unsigned char *hash);
+void sha256_ctx_free(SHA256CTX);
+int sha256_update(SHA256CTX c, const void *data, size_t len);
+int sha256_final(unsigned char *md,SHA256CTX c);
+int sha256(const unsigned char *digest, size_t len, unsigned char *hash);
SHA384CTX sha384_init(void);
-void sha384_update(SHA384CTX c, const void *data, size_t len);
-void sha384_final(unsigned char *md,SHA384CTX c);
-void sha384(const unsigned char *digest, size_t len, unsigned char *hash);
+void sha384_ctx_free(SHA384CTX);
+int sha384_update(SHA384CTX c, const void *data, size_t len);
+int sha384_final(unsigned char *md,SHA384CTX c);
+int sha384(const unsigned char *digest, size_t len, unsigned char *hash);
SHA512CTX sha512_init(void);
-void sha512_update(SHA512CTX c, const void *data, size_t len);
-void sha512_final(unsigned char *md,SHA512CTX c);
-void sha512(const unsigned char *digest, size_t len, unsigned char *hash);
-
+void sha512_ctx_free(SHA512CTX);
+int sha512_update(SHA512CTX c, const void *data, size_t len);
+int sha512_final(unsigned char *md,SHA512CTX c);
+int sha512(const unsigned char *digest, size_t len, unsigned char *hash);
HMACCTX hmac_init(const void *key,size_t len, enum ssh_hmac_e type);
int hmac_update(HMACCTX c, const void *data, size_t len);
diff --git a/src/kdf.c b/src/kdf.c
index 987ae972..a8e534e5 100644
--- a/src/kdf.c
+++ b/src/kdf.c
@@ -77,41 +77,64 @@ static ssh_mac_ctx ssh_mac_ctx_init(enum ssh_kdf_digest type)
}
}
-static void ssh_mac_update(ssh_mac_ctx ctx, const void *data, size_t len)
+static void ssh_mac_ctx_free(ssh_mac_ctx ctx)
{
+ if (ctx == NULL) {
+ return;
+ }
+
switch (ctx->digest_type) {
case SSH_KDF_SHA1:
- sha1_update(ctx->ctx.sha1_ctx, data, len);
+ sha1_ctx_free(ctx->ctx.sha1_ctx);
break;
case SSH_KDF_SHA256:
- sha256_update(ctx->ctx.sha256_ctx, data, len);
+ sha256_ctx_free(ctx->ctx.sha256_ctx);
break;
case SSH_KDF_SHA384:
- sha384_update(ctx->ctx.sha384_ctx, data, len);
+ sha384_ctx_free(ctx->ctx.sha384_ctx);
break;
case SSH_KDF_SHA512:
- sha512_update(ctx->ctx.sha512_ctx, data, len);
+ sha512_ctx_free(ctx->ctx.sha512_ctx);
break;
}
+ SAFE_FREE(ctx);
+}
+
+static int ssh_mac_update(ssh_mac_ctx ctx, const void *data, size_t len)
+{
+ switch (ctx->digest_type) {
+ case SSH_KDF_SHA1:
+ return sha1_update(ctx->ctx.sha1_ctx, data, len);
+ case SSH_KDF_SHA256:
+ return sha256_update(ctx->ctx.sha256_ctx, data, len);
+ case SSH_KDF_SHA384:
+ return sha384_update(ctx->ctx.sha384_ctx, data, len);
+ case SSH_KDF_SHA512:
+ return sha512_update(ctx->ctx.sha512_ctx, data, len);
+ }
+ return SSH_ERROR;
}
-static void ssh_mac_final(unsigned char *md, ssh_mac_ctx ctx)
+static int ssh_mac_final(unsigned char *md, ssh_mac_ctx ctx)
{
+ int rc = SSH_ERROR;
+
switch (ctx->digest_type) {
case SSH_KDF_SHA1:
- sha1_final(md, ctx->ctx.sha1_ctx);
+ rc = sha1_final(md, ctx->ctx.sha1_ctx);
break;
case SSH_KDF_SHA256:
- sha256_final(md, ctx->ctx.sha256_ctx);
+ rc = sha256_final(md, ctx->ctx.sha256_ctx);
break;
case SSH_KDF_SHA384:
- sha384_final(md, ctx->ctx.sha384_ctx);
+ rc = sha384_final(md, ctx->ctx.sha384_ctx);
break;
case SSH_KDF_SHA512:
- sha512_final(md, ctx->ctx.sha512_ctx);
+ rc = sha512_final(md, ctx->ctx.sha512_ctx);
break;
}
SAFE_FREE(ctx);
+ return rc;
}
int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
@@ -126,6 +149,7 @@ int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
unsigned char digest[DIGEST_MAX_LEN];
size_t output_len = crypto->digest_len;
ssh_mac_ctx ctx;
+ int rc;
if (DIGEST_MAX_LEN < crypto->digest_len) {
return -1;
@@ -136,11 +160,30 @@ int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
return -1;
}
- ssh_mac_update(ctx, key, key_len);
- ssh_mac_update(ctx, crypto->secret_hash, crypto->digest_len);
- ssh_mac_update(ctx, &key_type, 1);
- ssh_mac_update(ctx, crypto->session_id, crypto->session_id_len);
- ssh_mac_final(digest, ctx);
+ rc = ssh_mac_update(ctx, key, key_len);
+ if (rc != SSH_OK) {
+ ssh_mac_ctx_free(ctx);
+ return -1;
+ }
+ rc = ssh_mac_update(ctx, crypto->secret_hash, crypto->digest_len);
+ if (rc != SSH_OK) {
+ ssh_mac_ctx_free(ctx);
+ return -1;
+ }
+ rc = ssh_mac_update(ctx, &key_type, 1);
+ if (rc != SSH_OK) {
+ ssh_mac_ctx_free(ctx);
+ return -1;
+ }
+ rc = ssh_mac_update(ctx, crypto->session_id, crypto->session_id_len);
+ if (rc != SSH_OK) {
+ ssh_mac_ctx_free(ctx);
+ return -1;
+ }
+ rc = ssh_mac_final(digest, ctx);
+ if (rc != SSH_OK) {
+ return -1;
+ }
if (requested_len < output_len) {
output_len = requested_len;
@@ -152,10 +195,25 @@ int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
if (ctx == NULL) {
return -1;
}
- ssh_mac_update(ctx, key, key_len);
- ssh_mac_update(ctx, crypto->secret_hash, crypto->digest_len);
- ssh_mac_update(ctx, output, output_len);
- ssh_mac_final(digest, ctx);
+ rc = ssh_mac_update(ctx, key, key_len);
+ if (rc != SSH_OK) {
+ ssh_mac_ctx_free(ctx);
+ return -1;
+ }
+ rc = ssh_mac_update(ctx, crypto->secret_hash, crypto->digest_len);
+ if (rc != SSH_OK) {
+ ssh_mac_ctx_free(ctx);
+ return -1;
+ }
+ rc = ssh_mac_update(ctx, output, output_len);
+ if (rc != SSH_OK) {
+ ssh_mac_ctx_free(ctx);
+ return -1;
+ }
+ rc = ssh_mac_final(digest, ctx);
+ if (rc != SSH_OK) {
+ return -1;
+ }
if (requested_len < output_len + crypto->digest_len) {
memcpy(output + output_len, digest, requested_len - output_len);
} else {
diff --git a/src/md_crypto.c b/src/md_crypto.c
index f5104f04..f7cda8dd 100644
--- a/src/md_crypto.c
+++ b/src/md_crypto.c
@@ -25,6 +25,7 @@
#include "libssh/crypto.h"
#include "libssh/wrapper.h"
+#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/md5.h>
#include <openssl/sha.h>
@@ -46,28 +47,49 @@ sha1_init(void)
}
void
+sha1_ctx_free(SHACTX c)
+{
+ EVP_MD_CTX_free(c);
+}
+
+int
sha1_update(SHACTX c, const void *data, size_t len)
{
- EVP_DigestUpdate(c, data, len);
+ int rc = EVP_DigestUpdate(c, data, len);
+ if (rc != 1) {
+ return SSH_ERROR;
+ }
+ return SSH_OK;
}
-void
+int
sha1_final(unsigned char *md, SHACTX c)
{
unsigned int mdlen = 0;
+ int rc = EVP_DigestFinal(c, md, &mdlen);
- EVP_DigestFinal(c, md, &mdlen);
EVP_MD_CTX_free(c);
+ if (rc != 1) {
+ return SSH_ERROR;
+ }
+ return SSH_OK;
}
-void
+int
sha1(const unsigned char *digest, size_t len, unsigned char *hash)
{
SHACTX c = sha1_init();
- if (c != NULL) {
- sha1_update(c, digest, len);
- sha1_final(hash, c);
+ int rc;
+
+ if (c == NULL) {
+ return SSH_ERROR;
}
+ rc = sha1_update(c, digest, len);
+ if (rc != SSH_OK) {
+ EVP_MD_CTX_free(c);
+ return SSH_ERROR;
+ }
+ return sha1_final(hash, c);
}
SHA256CTX
@@ -87,28 +109,49 @@ sha256_init(void)
}
void
+sha256_ctx_free(SHA256CTX c)
+{
+ EVP_MD_CTX_free(c);
+}
+
+int
sha256_update(SHA256CTX c, const void *data, size_t len)
{
- EVP_DigestUpdate(c, data, len);
+ int rc = EVP_DigestUpdate(c, data, len);
+ if (rc != 1) {
+ return SSH_ERROR;
+ }
+ return SSH_OK;
}
-void
+int
sha256_final(unsigned char *md, SHA256CTX c)
{
unsigned int mdlen = 0;
+ int rc = EVP_DigestFinal(c, md, &mdlen);
- EVP_DigestFinal(c, md, &mdlen);
EVP_MD_CTX_free(c);
+ if (rc != 1) {
+ return SSH_ERROR;
+ }
+ return SSH_OK;
}
-void
+int
sha256(const unsigned char *digest, size_t len, unsigned char *hash)
{
SHA256CTX c = sha256_init();
- if (c != NULL) {
- sha256_update(c, digest, len);
- sha256_final(hash, c);
+ int rc;
+
+ if (c == NULL) {
+ return SSH_ERROR;
+ }
+ rc = sha256_update(c, digest, len);
+ if (rc != SSH_OK) {
+ EVP_MD_CTX_free(c);
+ return SSH_ERROR;
}
+ return sha256_final(hash, c);
}
SHA384CTX
@@ -128,28 +171,49 @@ sha384_init(void)
}
void
+sha384_ctx_free(SHA384CTX c)
+{
+ EVP_MD_CTX_free(c);
+}
+
+int
sha384_update(SHA384CTX c, const void *data, size_t len)
{
- EVP_DigestUpdate(c, data, len);
+ int rc = EVP_DigestUpdate(c, data, len);
+ if (rc != 1) {
+ return SSH_ERROR;
+ }
+ return SSH_OK;
}
-void
+int
sha384_final(unsigned char *md, SHA384CTX c)
{
unsigned int mdlen = 0;
+ int rc = EVP_DigestFinal(c, md, &mdlen);
- EVP_DigestFinal(c, md, &mdlen);
EVP_MD_CTX_free(c);
+ if (rc != 1) {
+ return SSH_ERROR;
+ }
+ return SSH_OK;
}
-void
+int
sha384(const unsigned char *digest, size_t len, unsigned char *hash)
{
SHA384CTX c = sha384_init();
- if (c != NULL) {
- sha384_update(c, digest, len);
- sha384_final(hash, c);
+ int rc;
+
+ if (c == NULL) {
+ return SSH_ERROR;
}
+ rc = sha384_update(c, digest, len);
+ if (rc != SSH_OK) {
+ EVP_MD_CTX_free(c);
+ return SSH_ERROR;
+ }
+ return sha384_final(hash, c);
}
SHA512CTX
@@ -169,28 +233,49 @@ sha512_init(void)
}
void
+sha512_ctx_free(SHA512CTX c)
+{
+ EVP_MD_CTX_free(c);
+}
+
+int
sha512_update(SHA512CTX c, const void *data, size_t len)
{
- EVP_DigestUpdate(c, data, len);
+ int rc = EVP_DigestUpdate(c, data, len);
+ if (rc != 1) {
+ return SSH_ERROR;
+ }
+ return SSH_OK;
}
-void
+int
sha512_final(unsigned char *md, SHA512CTX c)
{
unsigned int mdlen = 0;
+ int rc = EVP_DigestFinal(c, md, &mdlen);
- EVP_DigestFinal(c, md, &mdlen);
EVP_MD_CTX_free(c);
+ if (rc != 1) {
+ return SSH_ERROR;
+ }
+ return SSH_OK;
}
-void
+int
sha512(const unsigned char *digest, size_t len, unsigned char *hash)
{
SHA512CTX c = sha512_init();
- if (c != NULL) {
- sha512_update(c, digest, len);
- sha512_final(hash, c);
+ int rc;
+
+ if (c == NULL) {
+ return SSH_ERROR;
+ }
+ rc = sha512_update(c, digest, len);
+ if (rc != SSH_OK) {
+ EVP_MD_CTX_free(c);
+ return SSH_ERROR;
}
+ return sha512_final(hash, c);
}
MD5CTX
@@ -210,16 +295,30 @@ md5_init(void)
}
void
+md5_ctx_free(MD5CTX c)
+{
+ EVP_MD_CTX_free(c);
+}
+
+int
md5_update(MD5CTX c, const void *data, size_t len)
{
- EVP_DigestUpdate(c, data, len);
+ int rc = EVP_DigestUpdate(c, data, len);
+ if (rc != 1) {
+ return SSH_ERROR;
+ }
+ return SSH_OK;
}
-void
+int
md5_final(unsigned char *md, MD5CTX c)
{
unsigned int mdlen = 0;
+ int rc = EVP_DigestFinal(c, md, &mdlen);
- EVP_DigestFinal(c, md, &mdlen);
EVP_MD_CTX_free(c);
+ if (rc != 1) {
+ return SSH_ERROR;
+ }
+ return SSH_OK;
}
diff --git a/src/md_gcrypt.c b/src/md_gcrypt.c
index 1f0a71f3..93c7b0d9 100644
--- a/src/md_gcrypt.c
+++ b/src/md_gcrypt.c
@@ -36,24 +36,40 @@ sha1_init(void)
return ctx;
}
-void
+int
sha1_update(SHACTX c, const void *data, size_t len)
{
gcry_md_write(c, data, len);
+ return SSH_OK;
}
void
+sha1_ctx_free(SHACTX c)
+{
+ gcry_md_close(c);
+}
+
+int
sha1_final(unsigned char *md, SHACTX c)
{
+ unsigned char *tmp = NULL;
+
gcry_md_final(c);
- memcpy(md, gcry_md_read(c, 0), SHA_DIGEST_LEN);
+ tmp = gcry_md_read(c, 0);
+ if (tmp == NULL) {
+ gcry_md_close(c);
+ return SSH_ERROR;
+ }
+ memcpy(md, tmp, SHA_DIGEST_LEN);
gcry_md_close(c);
+ return SSH_OK;
}
-void
+int
sha1(const unsigned char *digest, size_t len, unsigned char *hash)
{
gcry_md_hash_buffer(GCRY_MD_SHA1, hash, digest, len);
+ return SSH_OK;
}
SHA256CTX
@@ -66,23 +82,39 @@ sha256_init(void)
}
void
+sha256_ctx_free(SHA256CTX c)
+{
+ gcry_md_close(c);
+}
+
+int
sha256_update(SHACTX c, const void *data, size_t len)
{
gcry_md_write(c, data, len);
+ return SSH_OK;
}
-void
+int
sha256_final(unsigned char *md, SHACTX c)
{
+ unsigned char *tmp = NULL;
+
gcry_md_final(c);
- memcpy(md, gcry_md_read(c, 0), SHA256_DIGEST_LEN);
+ tmp = gcry_md_read(c, 0);
+ if (tmp == NULL) {
+ gcry_md_close(c);
+ return SSH_ERROR;
+ }
+ memcpy(md, tmp, SHA256_DIGEST_LEN);
gcry_md_close(c);
+ return SSH_OK;
}
-void
+int
sha256(const unsigned char *digest, size_t len, unsigned char *hash)
{
gcry_md_hash_buffer(GCRY_MD_SHA256, hash, digest, len);
+ return SSH_OK;
}
SHA384CTX
@@ -95,23 +127,39 @@ sha384_init(void)
}
void
+sha384_ctx_free(SHA384CTX c)
+{
+ gcry_md_close(c);
+}
+
+int
sha384_update(SHACTX c, const void *data, size_t len)
{
gcry_md_write(c, data, len);
+ return SSH_OK;
}
-void
+int
sha384_final(unsigned char *md, SHACTX c)
{
+ unsigned char *tmp = NULL;
+
gcry_md_final(c);
- memcpy(md, gcry_md_read(c, 0), SHA384_DIGEST_LEN);
+ tmp = gcry_md_read(c, 0);
+ if (tmp == NULL) {
+ gcry_md_close(c);
+ return SSH_ERROR;
+ }
+ memcpy(md, tmp, SHA384_DIGEST_LEN);
gcry_md_close(c);
+ return SSH_OK;
}
-void
+int
sha384(const unsigned char *digest, size_t len, unsigned char *hash)
{
gcry_md_hash_buffer(GCRY_MD_SHA384, hash, digest, len);
+ return SSH_OK;
}
SHA512CTX
@@ -124,23 +172,39 @@ sha512_init(void)
}
void
+sha512_ctx_free(SHA512CTX c)
+{
+ gcry_md_close(c);
+}
+
+int
sha512_update(SHACTX c, const void *data, size_t len)
{
gcry_md_write(c, data, len);
+ return SSH_OK;
}
-void
+int
sha512_final(unsigned char *md, SHACTX c)
{
+ unsigned char *tmp = NULL;
+
gcry_md_final(c);
- memcpy(md, gcry_md_read(c, 0), SHA512_DIGEST_LEN);
+ tmp = gcry_md_read(c, 0);
+ if (tmp == NULL) {
+ gcry_md_close(c);
+ return SSH_ERROR;
+ }
+ memcpy(md, tmp, SHA512_DIGEST_LEN);
gcry_md_close(c);
+ return SSH_OK;
}
-void
+int
sha512(const unsigned char *digest, size_t len, unsigned char *hash)
{
gcry_md_hash_buffer(GCRY_MD_SHA512, hash, digest, len);
+ return SSH_OK;
}
MD5CTX
@@ -153,15 +217,30 @@ md5_init(void)
}
void
+md5_ctx_free(MD5CTX c)
+{
+ gcry_md_close(c);
+}
+
+int
md5_update(MD5CTX c, const void *data, size_t len)
{
gcry_md_write(c, data, len);
+ return SSH_OK;
}
-void
+int
md5_final(unsigned char *md, MD5CTX c)
{
+ unsigned char *tmp = NULL;
+
gcry_md_final(c);
- memcpy(md, gcry_md_read(c, 0), MD5_DIGEST_LEN);
+ tmp = gcry_md_read(c, 0);
+ if (tmp == NULL) {
+ gcry_md_close(c);
+ return SSH_ERROR;
+ }
+ memcpy(md, tmp, MD5_DIGEST_LEN);
gcry_md_close(c);
+ return SSH_OK;
}
diff --git a/src/md_mbedcrypto.c b/src/md_mbedcrypto.c
index 227e20ab..b3529b4b 100644
--- a/src/md_mbedcrypto.c
+++ b/src/md_mbedcrypto.c
@@ -64,27 +64,48 @@ sha1_init(void)
}
void
+sha1_ctx_free(SHACTX c)
+{
+ mbedtls_md_free(c);
+ SAFE_FREE(c);
+}
+
+int
sha1_update(SHACTX c, const void *data, size_t len)
{
- mbedtls_md_update(c, data, len);
+ int rc = mbedtls_md_update(c, data, len);
+ if (rc != 0) {
+ return SSH_ERROR;
+ }
+ return SSH_OK;
}
-void
+int
sha1_final(unsigned char *md, SHACTX c)
{
- mbedtls_md_finish(c, md);
- mbedtls_md_free(c);
- SAFE_FREE(c);
+ int rc = mbedtls_md_finish(c, md);
+ sha1_ctx_free(c);
+ if (rc != 0) {
+ return SSH_ERROR;
+ }
+ return SSH_OK;
}
-void
+int
sha1(const unsigned char *digest, size_t len, unsigned char *hash)
{
const mbedtls_md_info_t *md_info =
mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
- if (md_info != NULL) {
- mbedtls_md(md_info, digest, len, hash);
+ int rc;
+
+ if (md_info == NULL) {
+ return SSH_ERROR;
+ }
+ rc = mbedtls_md(md_info, digest, len, hash);
+ if (rc != 0) {
+ return SSH_ERROR;
}
+ return SSH_OK;
}
SHA256CTX
@@ -122,27 +143,48 @@ sha256_init(void)
}
void
+sha256_ctx_free(SHA256CTX c)
+{
+ mbedtls_md_free(c);
+ SAFE_FREE(c);
+}
+
+int
sha256_update(SHA256CTX c, const void *data, size_t len)
{
- mbedtls_md_update(c, data, len);
+ int rc = mbedtls_md_update(c, data, len);
+ if (rc != 0) {
+ return SSH_ERROR;
+ }
+ return SSH_OK;
}
-void
+int
sha256_final(unsigned char *md, SHA256CTX c)
{
- mbedtls_md_finish(c, md);
+ int rc = mbedtls_md_finish(c, md);
mbedtls_md_free(c);
SAFE_FREE(c);
+ if (rc != 0) {
+ return SSH_ERROR;
+ }
+ return SSH_OK;
}
-void
+int
sha256(const unsigned char *digest, size_t len, unsigned char *hash)
{
+ int rc;
const mbedtls_md_info_t *md_info =
mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
- if (md_info != NULL) {
- mbedtls_md(md_info, digest, len, hash);
+ if (md_info == NULL) {
+ return SSH_ERROR;
+ }
+ rc = mbedtls_md(md_info, digest, len, hash);
+ if (rc != 0) {
+ return SSH_ERROR;
}
+ return SSH_OK;
}
SHA384CTX
@@ -180,27 +222,48 @@ sha384_init(void)
}
void
+sha384_ctx_free(SHA384CTX c)
+{
+ mbedtls_md_free(c);
+ SAFE_FREE(c);
+}
+
+int
sha384_update(SHA384CTX c, const void *data, size_t len)
{
- mbedtls_md_update(c, data, len);
+ int rc = mbedtls_md_update(c, data, len);
+ if (rc != 0) {
+ return SSH_ERROR;
+ }
+ return SSH_OK;
}
-void
+int
sha384_final(unsigned char *md, SHA384CTX c)
{
- mbedtls_md_finish(c, md);
- mbedtls_md_free(c);
- SAFE_FREE(c);
+ int rc = mbedtls_md_finish(c, md);
+ sha384_ctx_free(c);
+ if (rc != 0) {
+ return SSH_ERROR;
+ }
+ return SSH_OK;
}
-void
+int
sha384(const unsigned char *digest, size_t len, unsigned char *hash)
{
const mbedtls_md_info_t *md_info =
mbedtls_md_info_from_type(MBEDTLS_MD_SHA384);
- if (md_info != NULL) {
- mbedtls_md(md_info, digest, len, hash);
+ int rc;
+
+ if (md_info == NULL) {
+ return SSH_ERROR;
+ }
+ rc = mbedtls_md(md_info, digest, len, hash);
+ if (rc != 0) {
+ return SSH_ERROR;
}
+ return SSH_OK;
}
SHA512CTX
@@ -237,27 +300,48 @@ sha512_init(void)
}
void
+sha512_ctx_free(SHA512CTX c)
+{
+ mbedtls_md_free(c);
+ SAFE_FREE(c);
+}
+
+int
sha512_update(SHA512CTX c, const void *data, size_t len)
{
- mbedtls_md_update(c, data, len);
+ int rc = mbedtls_md_update(c, data, len);
+ if (rc != 0) {
+ return SSH_ERROR;
+ }
+ return SSH_OK;
}
-void
+int
sha512_final(unsigned char *md, SHA512CTX c)
{
- mbedtls_md_finish(c, md);
- mbedtls_md_free(c);
- SAFE_FREE(c);
+ int rc = mbedtls_md_finish(c, md);
+ sha512_ctx_free(c);
+ if (rc != 0) {
+ return SSH_ERROR;
+ }
+ return SSH_OK;
}
-void
+int
sha512(const unsigned char *digest, size_t len, unsigned char *hash)
{
const mbedtls_md_info_t *md_info =
mbedtls_md_info_from_type(MBEDTLS_MD_SHA512);
- if (md_info != NULL) {
- mbedtls_md(md_info, digest, len, hash);
+ int rc;
+
+ if (md_info == NULL) {
+ return SSH_ERROR;
}
+ rc = mbedtls_md(md_info, digest, len, hash);
+ if (rc != 0) {
+ return SSH_ERROR;
+ }
+ return SSH_OK;
}
MD5CTX
@@ -294,15 +378,30 @@ md5_init(void)
}
void
+md5_ctx_free(MD5CTX c)
+{
+ mbedtls_md_free(c);
+ SAFE_FREE(c);
+}
+
+int
md5_update(MD5CTX c, const void *data, size_t len)
{
- mbedtls_md_update(c, data, len);
+ int rc = mbedtls_md_update(c, data, len);
+ if (rc != 0) {
+ return SSH_ERROR;
+ }
+ return SSH_OK;
}
-void
+int
md5_final(unsigned char *md, MD5CTX c)
{
- mbedtls_md_finish(c, md);
+ int rc = mbedtls_md_finish(c, md);
mbedtls_md_free(c);
SAFE_FREE(c);
+ if (rc != 0) {
+ return SSH_ERROR;
+ }
+ return SSH_OK;
}
diff --git a/src/session.c b/src/session.c
index fe998dee..8c509699 100644
--- a/src/session.c
+++ b/src/session.c
@@ -1024,7 +1024,18 @@ int ssh_get_pubkey_hash(ssh_session session, unsigned char **hash)
*hash = NULL;
if (session->current_crypto == NULL ||
session->current_crypto->server_pubkey == NULL) {
- ssh_set_error(session,SSH_FATAL,"No current cryptographic context");
+ ssh_set_error(session, SSH_FATAL, "No current cryptographic context");
+ return SSH_ERROR;
+ }
+
+ rc = ssh_get_server_publickey(session, &pubkey);
+ if (rc != SSH_OK) {
+ return SSH_ERROR;
+ }
+
+ rc = ssh_pki_export_pubkey_blob(pubkey, &pubkey_blob);
+ ssh_key_free(pubkey);
+ if (rc != SSH_OK) {
return SSH_ERROR;
}
@@ -1039,25 +1050,21 @@ int ssh_get_pubkey_hash(ssh_session session, unsigned char **hash)
return SSH_ERROR;
}
- rc = ssh_get_server_publickey(session, &pubkey);
+ rc = md5_update(ctx,
+ ssh_string_data(pubkey_blob),
+ ssh_string_len(pubkey_blob));
if (rc != SSH_OK) {
- md5_final(h, ctx);
+ md5_ctx_free(ctx);
SAFE_FREE(h);
- return SSH_ERROR;
+ return rc;
}
-
- rc = ssh_pki_export_pubkey_blob(pubkey, &pubkey_blob);
- ssh_key_free(pubkey);
+ SSH_STRING_FREE(pubkey_blob);
+ rc = md5_final(h, ctx);
if (rc != SSH_OK) {
- md5_final(h, ctx);
SAFE_FREE(h);
- return SSH_ERROR;
+ return rc;
}
- md5_update(ctx, ssh_string_data(pubkey_blob), ssh_string_len(pubkey_blob));
- SSH_STRING_FREE(pubkey_blob);
- md5_final(h, ctx);
-
*hash = h;
return MD5_DIGEST_LEN;
@@ -1177,8 +1184,17 @@ int ssh_get_publickey_hash(const ssh_key key,
goto out;
}
- sha1_update(ctx, ssh_string_data(blob), ssh_string_len(blob));
- sha1_final(h, ctx);
+ rc = sha1_update(ctx, ssh_string_data(blob), ssh_string_len(blob));
+ if (rc != SSH_OK) {
+ free(h);
+ sha1_ctx_free(ctx);
+ goto out;
+ }
+ rc = sha1_final(h, ctx);
+ if (rc != SSH_OK) {
+ free(h);
+ goto out;
+ }
*hlen = SHA_DIGEST_LEN;
}
@@ -1200,8 +1216,17 @@ int ssh_get_publickey_hash(const ssh_key key,
goto out;
}
- sha256_update(ctx, ssh_string_data(blob), ssh_string_len(blob));
- sha256_final(h, ctx);
+ rc = sha256_update(ctx, ssh_string_data(blob), ssh_string_len(blob));
+ if (rc != SSH_OK) {
+ free(h);
+ sha256_ctx_free(ctx);
+ goto out;
+ }
+ rc = sha256_final(h, ctx);
+ if (rc != SSH_OK) {
+ free(h);
+ goto out;
+ }
*hlen = SHA256_DIGEST_LEN;
}
@@ -1231,8 +1256,17 @@ int ssh_get_publickey_hash(const ssh_key key,
goto out;
}
- md5_update(ctx, ssh_string_data(blob), ssh_string_len(blob));
- md5_final(h, ctx);
+ rc = md5_update(ctx, ssh_string_data(blob), ssh_string_len(blob));
+ if (rc != SSH_OK) {
+ free(h);
+ md5_ctx_free(ctx);
+ goto out;
+ }
+ rc = md5_final(h, ctx);
+ if (rc != SSH_OK) {
+ free(h);
+ goto out;
+ }
*hlen = MD5_DIGEST_LEN;
}
--
2.41.0
From 8977e246b6d7ae467cab008a49e0a9e3d84bc2a0 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 15 Dec 2023 13:35:14 +0100
Subject: [PATCH 4/5] CVE-2023-6918: kdf: Detect context init failures
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
src/kdf.c | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/src/kdf.c b/src/kdf.c
index a8e534e5..6bc477ce 100644
--- a/src/kdf.c
+++ b/src/kdf.c
@@ -61,20 +61,32 @@ static ssh_mac_ctx ssh_mac_ctx_init(enum ssh_kdf_digest type)
switch (type) {
case SSH_KDF_SHA1:
ctx->ctx.sha1_ctx = sha1_init();
+ if (ctx->ctx.sha1_ctx == NULL) {
+ goto err;
+ }
return ctx;
case SSH_KDF_SHA256:
ctx->ctx.sha256_ctx = sha256_init();
+ if (ctx->ctx.sha256_ctx == NULL) {
+ goto err;
+ }
return ctx;
case SSH_KDF_SHA384:
ctx->ctx.sha384_ctx = sha384_init();
+ if (ctx->ctx.sha384_ctx == NULL) {
+ goto err;
+ }
return ctx;
case SSH_KDF_SHA512:
ctx->ctx.sha512_ctx = sha512_init();
+ if (ctx->ctx.sha512_ctx == NULL) {
+ goto err;
+ }
return ctx;
- default:
- SAFE_FREE(ctx);
- return NULL;
}
+err:
+ SAFE_FREE(ctx);
+ return NULL;
}
static void ssh_mac_ctx_free(ssh_mac_ctx ctx)
--
2.41.0
From 622421018b58392ffecc29726b947e089b678221 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 15 Dec 2023 15:39:12 +0100
Subject: [PATCH 5/5] CVE-2023-6918: tests: Code coverage for
ssh_get_pubkey_hash()
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
tests/client/torture_session.c | 35 ++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
diff --git a/tests/client/torture_session.c b/tests/client/torture_session.c
index 27e8fc86..c437d421 100644
--- a/tests/client/torture_session.c
+++ b/tests/client/torture_session.c
@@ -391,6 +391,38 @@ static void torture_freed_channel_get_exit_status(void **state)
assert_ssh_return_code_equal(session, rc, SSH_ERROR);
}
+static void torture_pubkey_hash(void **state)
+{
+ struct torture_state *s = *state;
+ ssh_session session = s->ssh.session;
+ char *hash = NULL;
+ char *hexa = NULL;
+ int rc = 0;
+
+ /* bad arguments */
+ rc = ssh_get_pubkey_hash(session, NULL);
+ assert_int_equal(rc, SSH_ERROR);
+
+ rc = ssh_get_pubkey_hash(NULL, (unsigned char **)&hash);
+ assert_int_equal(rc, SSH_ERROR);
+
+ /* deprecated, but should be covered by tests! */
+ rc = ssh_get_pubkey_hash(session, (unsigned char **)&hash);
+ if (ssh_fips_mode()) {
+ /* When in FIPS mode, expect the call to fail */
+ assert_int_equal(rc, SSH_ERROR);
+ } else {
+ assert_int_equal(rc, MD5_DIGEST_LEN);
+
+ hexa = ssh_get_hexa((unsigned char *)hash, rc);
+ SSH_STRING_FREE_CHAR(hash);
+ assert_string_equal(hexa,
+ "ee:80:7f:61:f9:d5:be:f1:96:86:cc:96:7a:db:7a:7b");
+
+ SSH_STRING_FREE_CHAR(hexa);
+ }
+}
+
int torture_run_tests(void) {
int rc;
struct CMUnitTest tests[] = {
@@ -421,6 +453,9 @@ int torture_run_tests(void) {
cmocka_unit_test_setup_teardown(torture_freed_channel_get_exit_status,
session_setup,
session_teardown),
+ cmocka_unit_test_setup_teardown(torture_pubkey_hash,
+ session_setup,
+ session_teardown),
};
ssh_init();
--
2.41.0