openssh/openssh-9.0p1-evp-fips-ecdh.patch

diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac ../openssh-8.7p1/kexecdh.c ./kexecdh.c
--- ../openssh-8.7p1/kexecdh.c	2021-08-20 06:03:49.000000000 +0200
+++ ./kexecdh.c	2023-04-13 14:30:14.882449593 +0200
@@ -35,17 +35,57 @@
 #include <signal.h>
 
 #include <openssl/ecdh.h>
+#include <openssl/evp.h>
+#include <openssl/core_names.h>
+#include <openssl/param_build.h>
+#include <openssl/err.h>
 
 #include "sshkey.h"
 #include "kex.h"
 #include "sshbuf.h"
 #include "digest.h"
 #include "ssherr.h"
+#include "log.h"
 
 static int
 kex_ecdh_dec_key_group(struct kex *, const struct sshbuf *, EC_KEY *key,
     const EC_GROUP *, struct sshbuf **);
 
+static EC_KEY *
+generate_ec_keys(int ec_nid)
+{
+	EC_KEY *client_key = NULL;
+	EVP_PKEY *pkey = NULL;
+	EVP_PKEY_CTX *ctx = NULL;
+	OSSL_PARAM_BLD *param_bld = NULL;
+	OSSL_PARAM *params = NULL;
+	const char *group_name;
+
+	if ((ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) == NULL ||
+	    (param_bld = OSSL_PARAM_BLD_new()) == NULL)
+		goto out;
+	if ((group_name = OSSL_EC_curve_nid2name(ec_nid)) == NULL ||
+	    OSSL_PARAM_BLD_push_utf8_string(param_bld,
+	        OSSL_PKEY_PARAM_GROUP_NAME, group_name, 0) != 1 ||
+	    (params = OSSL_PARAM_BLD_to_param(param_bld)) == NULL) {
+		error_f("Could not create OSSL_PARAM");
+		goto out;
+	}
+	if (EVP_PKEY_keygen_init(ctx) != 1 ||
+	    EVP_PKEY_CTX_set_params(ctx, params) != 1 ||
+	    EVP_PKEY_generate(ctx, &pkey) != 1 ||
+	    (client_key = EVP_PKEY_get1_EC_KEY(pkey)) == NULL) {
+		error_f("Could not generate ec keys");
+		goto out;
+	}
+out:
+	EVP_PKEY_free(pkey);
+	EVP_PKEY_CTX_free(ctx);
+	OSSL_PARAM_BLD_free(param_bld);
+	OSSL_PARAM_free(params);
+	return client_key;
+}
+
 int
 kex_ecdh_keypair(struct kex *kex)
 {
@@ -55,11 +95,7 @@
 	struct sshbuf *buf = NULL;
 	int r;
 
-	if ((client_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) {
-		r = SSH_ERR_ALLOC_FAIL;
-		goto out;
-	}
-	if (EC_KEY_generate_key(client_key) != 1) {
+	if ((client_key = generate_ec_keys(kex->ec_nid)) == NULL) {
 		r = SSH_ERR_LIBCRYPTO_ERROR;
 		goto out;
 	}
@@ -101,11 +137,7 @@
 	*server_blobp = NULL;
 	*shared_secretp = NULL;
 
-	if ((server_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) {
-		r = SSH_ERR_ALLOC_FAIL;
-		goto out;
-	}
-	if (EC_KEY_generate_key(server_key) != 1) {
+	if ((server_key = generate_ec_keys(kex->ec_nid)) == NULL) {
 		r = SSH_ERR_LIBCRYPTO_ERROR;
 		goto out;
 	}
@@ -140,11 +172,21 @@
 {
 	struct sshbuf *buf = NULL;
 	BIGNUM *shared_secret = NULL;
-	EC_POINT *dh_pub = NULL;
-	u_char *kbuf = NULL;
-	size_t klen = 0;
+	EVP_PKEY_CTX *ctx = NULL;
+	EVP_PKEY *pkey = NULL, *dh_pkey = NULL;
+	OSSL_PARAM_BLD *param_bld = NULL;
+	OSSL_PARAM *params = NULL;
+	u_char *kbuf = NULL, *pub = NULL;
+	size_t klen = 0, publen;
+	const char *group_name;
 	int r;
 
+	/* import EC_KEY to EVP_PKEY */
+	if ((r = ssh_create_evp_ec(key, kex->ec_nid, &pkey)) != 0) {
+		error_f("Could not create EVP_PKEY");
+		goto out;
+	}
+
 	*shared_secretp = NULL;
 
 	if ((buf = sshbuf_new()) == NULL) {
@@ -153,45 +195,82 @@
 	}
 	if ((r = sshbuf_put_stringb(buf, ec_blob)) != 0)
 		goto out;
-	if ((dh_pub = EC_POINT_new(group)) == NULL) {
+
+	/* the public key is in the buffer in octet string UNCOMPRESSED
+	 * format. See sshbuf_put_ec */
+	if ((r = sshbuf_get_string(buf, &pub, &publen)) != 0)
+		goto out;
+	sshbuf_reset(buf);
+	if ((ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL)) == NULL ||
+	    (param_bld = OSSL_PARAM_BLD_new()) == NULL) {
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
-	if ((r = sshbuf_get_ec(buf, dh_pub, group)) != 0) {
+	if ((group_name = OSSL_EC_curve_nid2name(kex->ec_nid)) == NULL) {
+		r = SSH_ERR_LIBCRYPTO_ERROR;
+		goto out;
+	}
+	if (OSSL_PARAM_BLD_push_octet_string(param_bld,
+	        OSSL_PKEY_PARAM_PUB_KEY, pub, publen) != 1 ||
+	    OSSL_PARAM_BLD_push_utf8_string(param_bld,
+	        OSSL_PKEY_PARAM_GROUP_NAME, group_name, 0) != 1 ||
+	    (params = OSSL_PARAM_BLD_to_param(param_bld)) == NULL) {
+		error_f("Failed to set params for dh_pkey");
+		r = SSH_ERR_LIBCRYPTO_ERROR;
+		goto out;
+	}
+	if (EVP_PKEY_fromdata_init(ctx) != 1 ||
+	    EVP_PKEY_fromdata(ctx, &dh_pkey,
+	        EVP_PKEY_PUBLIC_KEY, params) != 1 ||
+	    EVP_PKEY_public_check(ctx) != 1) {
+		error_f("Peer public key import failed");
+		r = SSH_ERR_LIBCRYPTO_ERROR;
 		goto out;
 	}
-	sshbuf_reset(buf);
 
 #ifdef DEBUG_KEXECDH
 	fputs("public key:\n", stderr);
-	sshkey_dump_ec_point(group, dh_pub);
+	EVP_PKEY_print_public_fp(stderr, dh_pkey, 0, NULL);
 #endif
-	if (sshkey_ec_validate_public(group, dh_pub) != 0) {
-		r = SSH_ERR_MESSAGE_INCOMPLETE;
+	EVP_PKEY_CTX_free(ctx);
+	ctx = NULL;
+	if ((ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL)) == NULL ||
+	    EVP_PKEY_derive_init(ctx) != 1 ||
+	    EVP_PKEY_derive_set_peer(ctx, dh_pkey) != 1 ||
+	    EVP_PKEY_derive(ctx, NULL, &klen) != 1) {
+		error_f("Failed to get derive information");
+		r = SSH_ERR_LIBCRYPTO_ERROR;
 		goto out;
 	}
-	klen = (EC_GROUP_get_degree(group) + 7) / 8;
-	if ((kbuf = malloc(klen)) == NULL ||
-	    (shared_secret = BN_new()) == NULL) {
+	if ((kbuf = malloc(klen)) == NULL) {
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
-	if (ECDH_compute_key(kbuf, klen, dh_pub, key, NULL) != (int)klen ||
-	    BN_bin2bn(kbuf, klen, shared_secret) == NULL) {
+	if (EVP_PKEY_derive(ctx, kbuf, &klen) != 1) {
 		r = SSH_ERR_LIBCRYPTO_ERROR;
 		goto out;
 	}
 #ifdef DEBUG_KEXECDH
 	dump_digest("shared secret", kbuf, klen);
 #endif
+	if ((shared_secret = BN_new()) == NULL ||
+	    (BN_bin2bn(kbuf, klen, shared_secret) == NULL)) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
 	if ((r = sshbuf_put_bignum2(buf, shared_secret)) != 0)
 		goto out;
 	*shared_secretp = buf;
 	buf = NULL;
  out:
-	EC_POINT_clear_free(dh_pub);
+	EVP_PKEY_CTX_free(ctx);
+	EVP_PKEY_free(pkey);
+	EVP_PKEY_free(dh_pkey);
+	OSSL_PARAM_BLD_free(param_bld);
+	OSSL_PARAM_free(params);
 	BN_clear_free(shared_secret);
 	freezero(kbuf, klen);
+	freezero(pub, publen);
 	sshbuf_free(buf);
 	return r;
 }