aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAris Adamantiadis <aris@0xbadc0de.be>2015-12-31 10:48:34 +0100
committerAris Adamantiadis <aris@0xbadc0de.be>2016-05-13 09:26:36 +0200
commit8d03760817c65c478e4e9ab7042c744970ace229 (patch)
treeae8835fb7f412b0165fb22ad987d15265331f982
parenta764e3ba84153632ccfc226f9cfaebfc3e64482c (diff)
downloadlibssh-8d03760817c65c478e4e9ab7042c744970ace229.tar.gz
libssh-8d03760817c65c478e4e9ab7042c744970ace229.tar.xz
libssh-8d03760817c65c478e4e9ab7042c744970ace229.zip
bignum: harmonize gcrypt and libcrypto usage
-rw-r--r--include/libssh/bignum.h1
-rw-r--r--include/libssh/libcrypto.h11
-rw-r--r--include/libssh/libgcrypt.h8
-rw-r--r--src/bignum.c24
-rw-r--r--src/curve25519.c10
-rw-r--r--src/dh.c75
-rw-r--r--src/ecdh.c13
-rw-r--r--src/known_hosts.c13
-rw-r--r--src/pki_crypto.c7
9 files changed, 35 insertions, 127 deletions
diff --git a/include/libssh/bignum.h b/include/libssh/bignum.h
index df77ebeb..9825bc17 100644
--- a/include/libssh/bignum.h
+++ b/include/libssh/bignum.h
@@ -25,7 +25,6 @@
#include "libssh/libgcrypt.h"
bignum ssh_make_string_bn(ssh_string string);
-void ssh_make_string_bn_inplace(ssh_string string, bignum bnout);
ssh_string ssh_make_bignum_string(bignum num);
void ssh_print_bignum(const char *which,bignum num);
diff --git a/include/libssh/libcrypto.h b/include/libssh/libcrypto.h
index 8f29253c..2f8099ee 100644
--- a/include/libssh/libcrypto.h
+++ b/include/libssh/libcrypto.h
@@ -69,18 +69,23 @@ typedef BN_CTX* bignum_CTX;
#define bignum_new() BN_new()
#define bignum_free(num) BN_clear_free(num)
#define bignum_set_word(bn,n) BN_set_word(bn,n)
-#define bignum_bin2bn(bn,datalen,data) BN_bin2bn(bn,datalen,data)
+#define bignum_bin2bn(data,datalen,dest) do { \
+ (*dest)=BN_new(); \
+ if ((*dest) != NULL) \
+ BN_bin2bn(data,datalen,(*dest)); \
+ } while(0)
#define bignum_bn2dec(num) BN_bn2dec(num)
#define bignum_dec2bn(bn,data) BN_dec2bn(data,bn)
-#define bignum_bn2hex(num) BN_bn2hex(num)
+#define bignum_bn2hex(num, dest) (*dest)=(unsigned char *)BN_bn2hex(num)
#define bignum_rand(rnd, bits) BN_rand(rnd,bits,0,1)
#define bignum_ctx_new() BN_CTX_new()
#define bignum_ctx_free(num) BN_CTX_free(num)
+#define bignum_ctx_invalid(ctx) ((ctx) == NULL)
#define bignum_mod_exp(dest,generator,exp,modulo,ctx) BN_mod_exp(dest,generator,exp,modulo,ctx)
#define bignum_num_bytes(num) BN_num_bytes(num)
#define bignum_num_bits(num) BN_num_bits(num)
#define bignum_is_bit_set(num,bit) BN_is_bit_set(num,bit)
-#define bignum_bn2bin(num,ptr) BN_bn2bin(num,ptr)
+#define bignum_bn2bin(num,len, ptr) BN_bn2bin(num,ptr)
#define bignum_cmp(num1,num2) BN_cmp(num1,num2)
#endif /* HAVE_LIBCRYPTO */
diff --git a/include/libssh/libgcrypt.h b/include/libssh/libgcrypt.h
index 1e784f4d..b950b3bd 100644
--- a/include/libssh/libgcrypt.h
+++ b/include/libssh/libgcrypt.h
@@ -50,6 +50,7 @@ typedef void *EVPCTX;
#define EVP_DIGEST_LEN EVP_MAX_MD_SIZE
typedef gcry_mpi_t bignum;
+typedef void* bignum_CTX;
/* missing gcrypt functions */
int ssh_gcry_dec2bn(bignum *bn, const char *data);
@@ -57,14 +58,17 @@ char *ssh_gcry_bn2dec(bignum bn);
#define bignum_new() gcry_mpi_new(0)
#define bignum_free(num) gcry_mpi_release(num)
+#define bignum_ctx_new() NULL
+#define bignum_ctx_free(num) do {(num) = NULL;} while(0)
+#define bignum_ctx_invalid(ctx) 0
#define bignum_set_word(bn,n) gcry_mpi_set_ui(bn,n)
-#define bignum_bin2bn(bn,datalen,data) gcry_mpi_scan(data,GCRYMPI_FMT_USG,bn,datalen,NULL)
+#define bignum_bin2bn(data,datalen,dest) gcry_mpi_scan(dest,GCRYMPI_FMT_USG,data,datalen,NULL)
#define bignum_bn2dec(num) ssh_gcry_bn2dec(num)
#define bignum_dec2bn(num, data) ssh_gcry_dec2bn(data, num)
#define bignum_bn2hex(num,data) gcry_mpi_aprint(GCRYMPI_FMT_HEX,data,NULL,num)
#define bignum_hex2bn(num,datalen,data) gcry_mpi_scan(num,GCRYMPI_FMT_HEX,data,datalen,NULL)
#define bignum_rand(num,bits) gcry_mpi_randomize(num,bits,GCRY_STRONG_RANDOM),gcry_mpi_set_bit(num,bits-1),gcry_mpi_set_bit(num,0)
-#define bignum_mod_exp(dest,generator,exp,modulo) gcry_mpi_powm(dest,generator,exp,modulo)
+#define bignum_mod_exp(dest,generator,exp,modulo, ctx) gcry_mpi_powm(dest,generator,exp,modulo)
#define bignum_num_bits(num) gcry_mpi_get_nbits(num)
#define bignum_num_bytes(num) ((gcry_mpi_get_nbits(num)+7)/8)
#define bignum_is_bit_set(num,bit) gcry_mpi_test_bit(num,bit)
diff --git a/src/bignum.c b/src/bignum.c
index de21d6b3..abc77255 100644
--- a/src/bignum.c
+++ b/src/bignum.c
@@ -54,11 +54,7 @@ ssh_string ssh_make_bignum_string(bignum num) {
ptr->data[0] = 0;
}
-#ifdef HAVE_LIBGCRYPT
bignum_bn2bin(num, len, ptr->data + pad);
-#elif HAVE_LIBCRYPTO
- bignum_bn2bin(num, ptr->data + pad);
-#endif
return ptr;
}
@@ -72,35 +68,15 @@ bignum ssh_make_string_bn(ssh_string string){
len * 8, len);
#endif /* DEBUG_CRYPTO */
-#ifdef HAVE_LIBGCRYPT
bignum_bin2bn(string->data, len, &bn);
-#elif defined HAVE_LIBCRYPTO
- bn = bignum_bin2bn(string->data, len, NULL);
-#endif
return bn;
}
-void ssh_make_string_bn_inplace(ssh_string string, bignum bnout) {
- unsigned int len = ssh_string_len(string);
-#ifdef HAVE_LIBGCRYPT
- /* XXX: FIXME as needed for LIBGCRYPT ECDSA codepaths. */
- (void) len;
- (void) bnout;
-#elif defined HAVE_LIBCRYPTO
- bignum_bin2bn(string->data, len, bnout);
-#endif
-}
-
/* prints the bignum on stderr */
void ssh_print_bignum(const char *which, bignum num) {
-#ifdef HAVE_LIBGCRYPT
unsigned char *hex = NULL;
bignum_bn2hex(num, &hex);
-#elif defined HAVE_LIBCRYPTO
- char *hex = NULL;
- hex = bignum_bn2hex(num);
-#endif
fprintf(stderr, "%s value: ", which);
fprintf(stderr, "%s\n", (hex == NULL) ? "(null)" : (char *) hex);
#ifdef HAVE_LIBGCRYPT
diff --git a/src/curve25519.c b/src/curve25519.c
index e449b916..e42101cc 100644
--- a/src/curve25519.c
+++ b/src/curve25519.c
@@ -85,11 +85,6 @@ int ssh_client_curve25519_init(ssh_session session){
static int ssh_curve25519_build_k(ssh_session session) {
ssh_curve25519_pubkey k;
- session->next_crypto->k = bignum_new();
-
- if (session->next_crypto->k == NULL) {
- return SSH_ERROR;
- }
if (session->server)
crypto_scalarmult(k, session->next_crypto->curve25519_privkey,
@@ -98,7 +93,10 @@ static int ssh_curve25519_build_k(ssh_session session) {
crypto_scalarmult(k, session->next_crypto->curve25519_privkey,
session->next_crypto->curve25519_server_pubkey);
- bignum_bin2bn(k, CURVE25519_PUBKEY_SIZE, session->next_crypto->k);
+ bignum_bin2bn(k, CURVE25519_PUBKEY_SIZE, &session->next_crypto->k);
+ if (session->next_crypto->k == NULL) {
+ return SSH_ERROR;
+ }
#ifdef DEBUG_CRYPTO
ssh_print_hexa("Session server cookie",
diff --git a/src/dh.c b/src/dh.c
index 6e87c36e..8055aa0e 100644
--- a/src/dh.c
+++ b/src/dh.c
@@ -134,12 +134,11 @@ int ssh_dh_init(void) {
}
bignum_set_word(g,g_int);
-#ifdef HAVE_LIBGCRYPT
bignum_bin2bn(p_group1_value, P_GROUP1_LEN, &p_group1);
if (p_group1 == NULL) {
bignum_free(g);
g = NULL;
- return -1;
+ return SSH_ERROR;
}
bignum_bin2bn(p_group14_value, P_GROUP14_LEN, &p_group14);
if (p_group14 == NULL) {
@@ -147,28 +146,9 @@ int ssh_dh_init(void) {
bignum_free(p_group1);
g = NULL;
p_group1 = NULL;
- return -1;
- }
-
-#elif defined HAVE_LIBCRYPTO
- p_group1 = bignum_new();
- if (p_group1 == NULL) {
- bignum_free(g);
- g = NULL;
- return -1;
- }
- bignum_bin2bn(p_group1_value, P_GROUP1_LEN, p_group1);
-
- p_group14 = bignum_new();
- if (p_group14 == NULL) {
- bignum_free(g);
- bignum_free(p_group1);
- g = NULL;
- p_group1 = NULL;
return SSH_ERROR;
}
- bignum_bin2bn(p_group14_value, P_GROUP14_LEN, p_group14);
-#endif
+
dh_crypto_initialized = 1;
}
@@ -238,72 +218,48 @@ int ssh_dh_generate_y(ssh_session session) {
/* used by server */
int ssh_dh_generate_e(ssh_session session) {
-#ifdef HAVE_LIBCRYPTO
bignum_CTX ctx = bignum_ctx_new();
- if (ctx == NULL) {
+ if (bignum_ctx_invalid(ctx)) {
return -1;
}
-#endif
session->next_crypto->e = bignum_new();
if (session->next_crypto->e == NULL) {
-#ifdef HAVE_LIBCRYPTO
bignum_ctx_free(ctx);
-#endif
return -1;
}
-#ifdef HAVE_LIBGCRYPT
- bignum_mod_exp(session->next_crypto->e, g, session->next_crypto->x,
- select_p(session->next_crypto->kex_type));
-#elif defined HAVE_LIBCRYPTO
bignum_mod_exp(session->next_crypto->e, g, session->next_crypto->x,
select_p(session->next_crypto->kex_type), ctx);
-#endif
#ifdef DEBUG_CRYPTO
ssh_print_bignum("e", session->next_crypto->e);
#endif
-#ifdef HAVE_LIBCRYPTO
bignum_ctx_free(ctx);
-#endif
return 0;
}
int ssh_dh_generate_f(ssh_session session) {
-#ifdef HAVE_LIBCRYPTO
bignum_CTX ctx = bignum_ctx_new();
- if (ctx == NULL) {
+ if (bignum_ctx_invalid(ctx)) {
return -1;
- }
-#endif
+ }
session->next_crypto->f = bignum_new();
if (session->next_crypto->f == NULL) {
-#ifdef HAVE_LIBCRYPTO
bignum_ctx_free(ctx);
-#endif
return -1;
}
-#ifdef HAVE_LIBGCRYPT
- bignum_mod_exp(session->next_crypto->f, g, session->next_crypto->y,
- select_p(session->next_crypto->kex_type));
-#elif defined HAVE_LIBCRYPTO
bignum_mod_exp(session->next_crypto->f, g, session->next_crypto->y,
select_p(session->next_crypto->kex_type), ctx);
-#endif
-
#ifdef DEBUG_CRYPTO
ssh_print_bignum("f", session->next_crypto->f);
#endif
-#ifdef HAVE_LIBCRYPTO
bignum_ctx_free(ctx);
-#endif
-
return 0;
}
@@ -348,31 +304,18 @@ int ssh_dh_import_e(ssh_session session, ssh_string e_string) {
}
int ssh_dh_build_k(ssh_session session) {
-#ifdef HAVE_LIBCRYPTO
bignum_CTX ctx = bignum_ctx_new();
- if (ctx == NULL) {
+ if (bignum_ctx_invalid(ctx)) {
return -1;
}
-#endif
session->next_crypto->k = bignum_new();
if (session->next_crypto->k == NULL) {
-#ifdef HAVE_LIBCRYPTO
bignum_ctx_free(ctx);
-#endif
return -1;
}
- /* the server and clients don't use the same numbers */
-#ifdef HAVE_LIBGCRYPT
- if(session->client) {
- bignum_mod_exp(session->next_crypto->k, session->next_crypto->f,
- session->next_crypto->x, select_p(session->next_crypto->kex_type));
- } else {
- bignum_mod_exp(session->next_crypto->k, session->next_crypto->e,
- session->next_crypto->y, select_p(session->next_crypto->kex_type));
- }
-#elif defined HAVE_LIBCRYPTO
+ /* the server and clients don't use the same numbers */
if (session->client) {
bignum_mod_exp(session->next_crypto->k, session->next_crypto->f,
session->next_crypto->x, select_p(session->next_crypto->kex_type), ctx);
@@ -380,7 +323,6 @@ int ssh_dh_build_k(ssh_session session) {
bignum_mod_exp(session->next_crypto->k, session->next_crypto->e,
session->next_crypto->y, select_p(session->next_crypto->kex_type), ctx);
}
-#endif
#ifdef DEBUG_CRYPTO
ssh_print_hexa("Session server cookie",
@@ -390,10 +332,7 @@ int ssh_dh_build_k(ssh_session session) {
ssh_print_bignum("Shared secret key", session->next_crypto->k);
#endif
-#ifdef HAVE_LIBCRYPTO
bignum_ctx_free(ctx);
-#endif
-
return 0;
}
diff --git a/src/ecdh.c b/src/ecdh.c
index 640bba6e..1e7d2300 100644
--- a/src/ecdh.c
+++ b/src/ecdh.c
@@ -123,12 +123,6 @@ static int ecdh_build_k(ssh_session session) {
return -1;
}
- session->next_crypto->k = bignum_new();
- if (session->next_crypto->k == NULL) {
- bignum_ctx_free(ctx);
- return -1;
- }
-
pubkey = EC_POINT_new(group);
if (pubkey == NULL) {
bignum_ctx_free(ctx);
@@ -171,8 +165,13 @@ static int ecdh_build_k(ssh_session session) {
return -1;
}
- bignum_bin2bn(buffer, len, session->next_crypto->k);
+ bignum_bin2bn(buffer, len, &session->next_crypto->k);
free(buffer);
+ if (session->next_crypto->k == NULL) {
+ EC_KEY_free(session->next_crypto->ecdh_privkey);
+ session->next_crypto->ecdh_privkey = NULL;
+ return -1;
+ }
EC_KEY_free(session->next_crypto->ecdh_privkey);
session->next_crypto->ecdh_privkey = NULL;
diff --git a/src/known_hosts.c b/src/known_hosts.c
index ab8a3dcb..a9788213 100644
--- a/src/known_hosts.c
+++ b/src/known_hosts.c
@@ -38,15 +38,6 @@
/*todo: remove this include */
#include "libssh/string.h"
-#ifdef HAVE_LIBGCRYPT
-#include <gcrypt.h>
-#elif defined HAVE_LIBCRYPTO
-#include <openssl/pem.h>
-#include <openssl/dsa.h>
-#include <openssl/err.h>
-#include <openssl/rsa.h>
-#endif /* HAVE_LIBCRYPTO */
-
#ifndef _WIN32
# include <netinet/in.h>
# include <arpa/inet.h>
@@ -238,11 +229,7 @@ static int check_public_key(ssh_session session, char **tokens) {
}
/* TODO: fix the hardcoding */
tmpstring->size = htonl(len);
-#ifdef HAVE_LIBGCRYPT
bignum_bn2bin(tmpbn, len, ssh_string_data(tmpstring));
-#elif defined HAVE_LIBCRYPTO
- bignum_bn2bin(tmpbn, ssh_string_data(tmpstring));
-#endif
bignum_free(tmpbn);
if (ssh_buffer_add_ssh_string(pubkey_buffer, tmpstring) < 0) {
ssh_buffer_free(pubkey_buffer);
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index dabf54bc..71eacc8b 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -1448,8 +1448,8 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
#ifdef DEBUG_CRYPTO
ssh_print_hexa("r", ssh_string_data(r), ssh_string_len(r));
#endif
-
- ssh_make_string_bn_inplace(r, sig->ecdsa_sig->r);
+ bignum_free(sig->ecdsa_sig->r);
+ bignum_bin2bn(ssh_string_data(r), ssh_string_len(r), &sig->ecdsa_sig->r);
ssh_string_burn(r);
ssh_string_free(r);
if (sig->ecdsa_sig->r == NULL) {
@@ -1470,7 +1470,8 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
ssh_print_hexa("s", ssh_string_data(s), ssh_string_len(s));
#endif
- ssh_make_string_bn_inplace(s, sig->ecdsa_sig->s);
+ bignum_free(sig->ecdsa_sig->s);
+ bignum_bin2bn(ssh_string_data(s), ssh_string_len(s), &sig->ecdsa_sig->s);
ssh_string_burn(s);
ssh_string_free(s);
if (sig->ecdsa_sig->s == NULL) {