b63272d9eb
FIPS compliancy can be stated by using only compliant crypto functions. This is achieved by using EVP API from openssl 3.0 version. The solution uses a non-intrusive approach - instead of rewriting everything to use EVP API it converts the data to it at the critical places. Signed-off-by: Norbert Pocs <npocs@redhat.com>
208 lines
5.9 KiB
Diff
208 lines
5.9 KiB
Diff
diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac ../openssh-8.7p1/kexecdh.c ./kexecdh.c
|
|
--- ../openssh-8.7p1/kexecdh.c 2021-08-20 06:03:49.000000000 +0200
|
|
+++ ./kexecdh.c 2023-04-13 14:30:14.882449593 +0200
|
|
@@ -35,17 +35,57 @@
|
|
#include <signal.h>
|
|
|
|
#include <openssl/ecdh.h>
|
|
+#include <openssl/evp.h>
|
|
+#include <openssl/core_names.h>
|
|
+#include <openssl/param_build.h>
|
|
+#include <openssl/err.h>
|
|
|
|
#include "sshkey.h"
|
|
#include "kex.h"
|
|
#include "sshbuf.h"
|
|
#include "digest.h"
|
|
#include "ssherr.h"
|
|
+#include "log.h"
|
|
|
|
static int
|
|
kex_ecdh_dec_key_group(struct kex *, const struct sshbuf *, EC_KEY *key,
|
|
const EC_GROUP *, struct sshbuf **);
|
|
|
|
+static EC_KEY *
|
|
+generate_ec_keys(int ec_nid)
|
|
+{
|
|
+ EC_KEY *client_key = NULL;
|
|
+ EVP_PKEY *pkey = NULL;
|
|
+ EVP_PKEY_CTX *ctx = NULL;
|
|
+ OSSL_PARAM_BLD *param_bld = NULL;
|
|
+ OSSL_PARAM *params = NULL;
|
|
+ const char *group_name;
|
|
+
|
|
+ if ((ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) == NULL ||
|
|
+ (param_bld = OSSL_PARAM_BLD_new()) == NULL)
|
|
+ goto out;
|
|
+ if ((group_name = OSSL_EC_curve_nid2name(ec_nid)) == NULL ||
|
|
+ OSSL_PARAM_BLD_push_utf8_string(param_bld,
|
|
+ OSSL_PKEY_PARAM_GROUP_NAME, group_name, 0) != 1 ||
|
|
+ (params = OSSL_PARAM_BLD_to_param(param_bld)) == NULL) {
|
|
+ error_f("Could not create OSSL_PARAM");
|
|
+ goto out;
|
|
+ }
|
|
+ if (EVP_PKEY_keygen_init(ctx) != 1 ||
|
|
+ EVP_PKEY_CTX_set_params(ctx, params) != 1 ||
|
|
+ EVP_PKEY_generate(ctx, &pkey) != 1 ||
|
|
+ (client_key = EVP_PKEY_get1_EC_KEY(pkey)) == NULL) {
|
|
+ error_f("Could not generate ec keys");
|
|
+ goto out;
|
|
+ }
|
|
+out:
|
|
+ EVP_PKEY_free(pkey);
|
|
+ EVP_PKEY_CTX_free(ctx);
|
|
+ OSSL_PARAM_BLD_free(param_bld);
|
|
+ OSSL_PARAM_free(params);
|
|
+ return client_key;
|
|
+}
|
|
+
|
|
int
|
|
kex_ecdh_keypair(struct kex *kex)
|
|
{
|
|
@@ -55,11 +95,7 @@
|
|
struct sshbuf *buf = NULL;
|
|
int r;
|
|
|
|
- if ((client_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) {
|
|
- r = SSH_ERR_ALLOC_FAIL;
|
|
- goto out;
|
|
- }
|
|
- if (EC_KEY_generate_key(client_key) != 1) {
|
|
+ if ((client_key = generate_ec_keys(kex->ec_nid)) == NULL) {
|
|
r = SSH_ERR_LIBCRYPTO_ERROR;
|
|
goto out;
|
|
}
|
|
@@ -101,11 +137,7 @@
|
|
*server_blobp = NULL;
|
|
*shared_secretp = NULL;
|
|
|
|
- if ((server_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) {
|
|
- r = SSH_ERR_ALLOC_FAIL;
|
|
- goto out;
|
|
- }
|
|
- if (EC_KEY_generate_key(server_key) != 1) {
|
|
+ if ((server_key = generate_ec_keys(kex->ec_nid)) == NULL) {
|
|
r = SSH_ERR_LIBCRYPTO_ERROR;
|
|
goto out;
|
|
}
|
|
@@ -140,11 +172,21 @@
|
|
{
|
|
struct sshbuf *buf = NULL;
|
|
BIGNUM *shared_secret = NULL;
|
|
- EC_POINT *dh_pub = NULL;
|
|
- u_char *kbuf = NULL;
|
|
- size_t klen = 0;
|
|
+ EVP_PKEY_CTX *ctx = NULL;
|
|
+ EVP_PKEY *pkey = NULL, *dh_pkey = NULL;
|
|
+ OSSL_PARAM_BLD *param_bld = NULL;
|
|
+ OSSL_PARAM *params = NULL;
|
|
+ u_char *kbuf = NULL, *pub = NULL;
|
|
+ size_t klen = 0, publen;
|
|
+ const char *group_name;
|
|
int r;
|
|
|
|
+ /* import EC_KEY to EVP_PKEY */
|
|
+ if ((r = ssh_create_evp_ec(key, kex->ec_nid, &pkey)) != 0) {
|
|
+ error_f("Could not create EVP_PKEY");
|
|
+ goto out;
|
|
+ }
|
|
+
|
|
*shared_secretp = NULL;
|
|
|
|
if ((buf = sshbuf_new()) == NULL) {
|
|
@@ -153,45 +195,82 @@
|
|
}
|
|
if ((r = sshbuf_put_stringb(buf, ec_blob)) != 0)
|
|
goto out;
|
|
- if ((dh_pub = EC_POINT_new(group)) == NULL) {
|
|
+
|
|
+ /* the public key is in the buffer in octet string UNCOMPRESSED
|
|
+ * format. See sshbuf_put_ec */
|
|
+ if ((r = sshbuf_get_string(buf, &pub, &publen)) != 0)
|
|
+ goto out;
|
|
+ sshbuf_reset(buf);
|
|
+ if ((ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL)) == NULL ||
|
|
+ (param_bld = OSSL_PARAM_BLD_new()) == NULL) {
|
|
r = SSH_ERR_ALLOC_FAIL;
|
|
goto out;
|
|
}
|
|
- if ((r = sshbuf_get_ec(buf, dh_pub, group)) != 0) {
|
|
+ if ((group_name = OSSL_EC_curve_nid2name(kex->ec_nid)) == NULL) {
|
|
+ r = SSH_ERR_LIBCRYPTO_ERROR;
|
|
+ goto out;
|
|
+ }
|
|
+ if (OSSL_PARAM_BLD_push_octet_string(param_bld,
|
|
+ OSSL_PKEY_PARAM_PUB_KEY, pub, publen) != 1 ||
|
|
+ OSSL_PARAM_BLD_push_utf8_string(param_bld,
|
|
+ OSSL_PKEY_PARAM_GROUP_NAME, group_name, 0) != 1 ||
|
|
+ (params = OSSL_PARAM_BLD_to_param(param_bld)) == NULL) {
|
|
+ error_f("Failed to set params for dh_pkey");
|
|
+ r = SSH_ERR_LIBCRYPTO_ERROR;
|
|
+ goto out;
|
|
+ }
|
|
+ if (EVP_PKEY_fromdata_init(ctx) != 1 ||
|
|
+ EVP_PKEY_fromdata(ctx, &dh_pkey,
|
|
+ EVP_PKEY_PUBLIC_KEY, params) != 1 ||
|
|
+ EVP_PKEY_public_check(ctx) != 1) {
|
|
+ error_f("Peer public key import failed");
|
|
+ r = SSH_ERR_LIBCRYPTO_ERROR;
|
|
goto out;
|
|
}
|
|
- sshbuf_reset(buf);
|
|
|
|
#ifdef DEBUG_KEXECDH
|
|
fputs("public key:\n", stderr);
|
|
- sshkey_dump_ec_point(group, dh_pub);
|
|
+ EVP_PKEY_print_public_fp(stderr, dh_pkey, 0, NULL);
|
|
#endif
|
|
- if (sshkey_ec_validate_public(group, dh_pub) != 0) {
|
|
- r = SSH_ERR_MESSAGE_INCOMPLETE;
|
|
+ EVP_PKEY_CTX_free(ctx);
|
|
+ ctx = NULL;
|
|
+ if ((ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL)) == NULL ||
|
|
+ EVP_PKEY_derive_init(ctx) != 1 ||
|
|
+ EVP_PKEY_derive_set_peer(ctx, dh_pkey) != 1 ||
|
|
+ EVP_PKEY_derive(ctx, NULL, &klen) != 1) {
|
|
+ error_f("Failed to get derive information");
|
|
+ r = SSH_ERR_LIBCRYPTO_ERROR;
|
|
goto out;
|
|
}
|
|
- klen = (EC_GROUP_get_degree(group) + 7) / 8;
|
|
- if ((kbuf = malloc(klen)) == NULL ||
|
|
- (shared_secret = BN_new()) == NULL) {
|
|
+ if ((kbuf = malloc(klen)) == NULL) {
|
|
r = SSH_ERR_ALLOC_FAIL;
|
|
goto out;
|
|
}
|
|
- if (ECDH_compute_key(kbuf, klen, dh_pub, key, NULL) != (int)klen ||
|
|
- BN_bin2bn(kbuf, klen, shared_secret) == NULL) {
|
|
+ if (EVP_PKEY_derive(ctx, kbuf, &klen) != 1) {
|
|
r = SSH_ERR_LIBCRYPTO_ERROR;
|
|
goto out;
|
|
}
|
|
#ifdef DEBUG_KEXECDH
|
|
dump_digest("shared secret", kbuf, klen);
|
|
#endif
|
|
+ if ((shared_secret = BN_new()) == NULL ||
|
|
+ (BN_bin2bn(kbuf, klen, shared_secret) == NULL)) {
|
|
+ r = SSH_ERR_ALLOC_FAIL;
|
|
+ goto out;
|
|
+ }
|
|
if ((r = sshbuf_put_bignum2(buf, shared_secret)) != 0)
|
|
goto out;
|
|
*shared_secretp = buf;
|
|
buf = NULL;
|
|
out:
|
|
- EC_POINT_clear_free(dh_pub);
|
|
+ EVP_PKEY_CTX_free(ctx);
|
|
+ EVP_PKEY_free(pkey);
|
|
+ EVP_PKEY_free(dh_pkey);
|
|
+ OSSL_PARAM_BLD_free(param_bld);
|
|
+ OSSL_PARAM_free(params);
|
|
BN_clear_free(shared_secret);
|
|
freezero(kbuf, klen);
|
|
+ freezero(pub, publen);
|
|
sshbuf_free(buf);
|
|
return r;
|
|
}
|