diff options
author | Aris Adamantiadis <aris@0xbadc0de.be> | 2015-12-31 10:48:34 +0100 |
---|---|---|
committer | Aris Adamantiadis <aris@0xbadc0de.be> | 2017-06-08 10:45:54 +0200 |
commit | 284b6961511e9903267cc7d66d2e1477f70db6b4 (patch) | |
tree | c4cc2102cb4780505c5e9acc40ae9421e1df8fc3 | |
parent | 4bea350f983a4668e1bcd920472a7193f8a7be32 (diff) | |
download | libssh-284b6961511e9903267cc7d66d2e1477f70db6b4.tar.gz libssh-284b6961511e9903267cc7d66d2e1477f70db6b4.tar.xz libssh-284b6961511e9903267cc7d66d2e1477f70db6b4.zip |
bignum: harmonize gcrypt and libcrypto usage
Conflicts:
src/bignum.c
src/curve25519.c
src/ecdh.c
src/pki_crypto.c
-rw-r--r-- | include/libssh/bignum.h | 1 | ||||
-rw-r--r-- | include/libssh/libcrypto.h | 11 | ||||
-rw-r--r-- | include/libssh/libgcrypt.h | 8 | ||||
-rw-r--r-- | src/bignum.c | 24 | ||||
-rw-r--r-- | src/curve25519.c | 15 | ||||
-rw-r--r-- | src/dh.c | 75 | ||||
-rw-r--r-- | src/ecdh_crypto.c | 14 | ||||
-rw-r--r-- | src/known_hosts.c | 13 |
8 files changed, 30 insertions, 131 deletions
diff --git a/include/libssh/bignum.h b/include/libssh/bignum.h index 71970e3e..b29883fd 100644 --- a/include/libssh/bignum.h +++ b/include/libssh/bignum.h @@ -25,7 +25,6 @@ #include "libssh/libgcrypt.h" bignum ssh_make_string_bn(ssh_string string); -void ssh_make_string_bn_inplace(ssh_string string, bignum bnout); ssh_string ssh_make_bignum_string(bignum num); void ssh_print_bignum(const char *which, const bignum num); diff --git a/include/libssh/libcrypto.h b/include/libssh/libcrypto.h index 8f29253c..2f8099ee 100644 --- a/include/libssh/libcrypto.h +++ b/include/libssh/libcrypto.h @@ -69,18 +69,23 @@ typedef BN_CTX* bignum_CTX; #define bignum_new() BN_new() #define bignum_free(num) BN_clear_free(num) #define bignum_set_word(bn,n) BN_set_word(bn,n) -#define bignum_bin2bn(bn,datalen,data) BN_bin2bn(bn,datalen,data) +#define bignum_bin2bn(data,datalen,dest) do { \ + (*dest)=BN_new(); \ + if ((*dest) != NULL) \ + BN_bin2bn(data,datalen,(*dest)); \ + } while(0) #define bignum_bn2dec(num) BN_bn2dec(num) #define bignum_dec2bn(bn,data) BN_dec2bn(data,bn) -#define bignum_bn2hex(num) BN_bn2hex(num) +#define bignum_bn2hex(num, dest) (*dest)=(unsigned char *)BN_bn2hex(num) #define bignum_rand(rnd, bits) BN_rand(rnd,bits,0,1) #define bignum_ctx_new() BN_CTX_new() #define bignum_ctx_free(num) BN_CTX_free(num) +#define bignum_ctx_invalid(ctx) ((ctx) == NULL) #define bignum_mod_exp(dest,generator,exp,modulo,ctx) BN_mod_exp(dest,generator,exp,modulo,ctx) #define bignum_num_bytes(num) BN_num_bytes(num) #define bignum_num_bits(num) BN_num_bits(num) #define bignum_is_bit_set(num,bit) BN_is_bit_set(num,bit) -#define bignum_bn2bin(num,ptr) BN_bn2bin(num,ptr) +#define bignum_bn2bin(num,len, ptr) BN_bn2bin(num,ptr) #define bignum_cmp(num1,num2) BN_cmp(num1,num2) #endif /* HAVE_LIBCRYPTO */ diff --git a/include/libssh/libgcrypt.h b/include/libssh/libgcrypt.h index 69e47683..c89ef169 100644 --- a/include/libssh/libgcrypt.h +++ b/include/libssh/libgcrypt.h @@ -50,6 +50,7 @@ typedef gcry_md_hd_t EVPCTX; #define EVP_DIGEST_LEN EVP_MAX_MD_SIZE typedef gcry_mpi_t bignum; +typedef void* bignum_CTX; /* Constants for curves. */ #define NID_gcrypt_nistp256 0 @@ -62,14 +63,17 @@ char *ssh_gcry_bn2dec(bignum bn); #define bignum_new() gcry_mpi_new(0) #define bignum_free(num) gcry_mpi_release(num) +#define bignum_ctx_new() NULL +#define bignum_ctx_free(num) do {(num) = NULL;} while(0) +#define bignum_ctx_invalid(ctx) 0 #define bignum_set_word(bn,n) gcry_mpi_set_ui(bn,n) -#define bignum_bin2bn(bn,datalen,data) gcry_mpi_scan(data,GCRYMPI_FMT_USG,bn,datalen,NULL) +#define bignum_bin2bn(data,datalen,dest) gcry_mpi_scan(dest,GCRYMPI_FMT_USG,data,datalen,NULL) #define bignum_bn2dec(num) ssh_gcry_bn2dec(num) #define bignum_dec2bn(num, data) ssh_gcry_dec2bn(data, num) #define bignum_bn2hex(num,data) gcry_mpi_aprint(GCRYMPI_FMT_HEX,data,NULL,num) #define bignum_hex2bn(num,datalen,data) gcry_mpi_scan(num,GCRYMPI_FMT_HEX,data,datalen,NULL) #define bignum_rand(num,bits) gcry_mpi_randomize(num,bits,GCRY_STRONG_RANDOM),gcry_mpi_set_bit(num,bits-1),gcry_mpi_set_bit(num,0) -#define bignum_mod_exp(dest,generator,exp,modulo) gcry_mpi_powm(dest,generator,exp,modulo) +#define bignum_mod_exp(dest,generator,exp,modulo, ctx) gcry_mpi_powm(dest,generator,exp,modulo) #define bignum_num_bits(num) gcry_mpi_get_nbits(num) #define bignum_num_bytes(num) ((gcry_mpi_get_nbits(num)+7)/8) #define bignum_is_bit_set(num,bit) gcry_mpi_test_bit(num,bit) diff --git a/src/bignum.c b/src/bignum.c index fd6cf954..7fe8957b 100644 --- a/src/bignum.c +++ b/src/bignum.c @@ -54,11 +54,7 @@ ssh_string ssh_make_bignum_string(bignum num) { ptr->data[0] = 0; } -#ifdef HAVE_LIBGCRYPT bignum_bn2bin(num, len, ptr->data + pad); -#elif HAVE_LIBCRYPTO - bignum_bn2bin(num, ptr->data + pad); -#endif return ptr; } @@ -72,35 +68,15 @@ bignum ssh_make_string_bn(ssh_string string){ len * 8, len); #endif /* DEBUG_CRYPTO */ -#ifdef HAVE_LIBGCRYPT bignum_bin2bn(string->data, len, &bn); -#elif defined HAVE_LIBCRYPTO - bn = bignum_bin2bn(string->data, len, NULL); -#endif return bn; } -void ssh_make_string_bn_inplace(ssh_string string, bignum bnout) { - unsigned int len = ssh_string_len(string); -#ifdef HAVE_LIBGCRYPT - /* XXX: FIXME as needed for LIBGCRYPT ECDSA codepaths. */ - (void) len; - (void) bnout; -#elif defined HAVE_LIBCRYPTO - bignum_bin2bn(string->data, len, bnout); -#endif -} - /* prints the bignum on stderr */ void ssh_print_bignum(const char *which, const bignum num) { -#ifdef HAVE_LIBGCRYPT unsigned char *hex = NULL; bignum_bn2hex(num, &hex); -#elif defined HAVE_LIBCRYPTO - char *hex = NULL; - hex = bignum_bn2hex(num); -#endif fprintf(stderr, "%s value: ", which); fprintf(stderr, "%s\n", (hex == NULL) ? "(null)" : (char *) hex); #ifdef HAVE_LIBGCRYPT diff --git a/src/curve25519.c b/src/curve25519.c index b6cd36a3..e42101cc 100644 --- a/src/curve25519.c +++ b/src/curve25519.c @@ -86,14 +86,6 @@ int ssh_client_curve25519_init(ssh_session session){ static int ssh_curve25519_build_k(ssh_session session) { ssh_curve25519_pubkey k; -#ifdef HAVE_LIBCRYPTO - session->next_crypto->k = bignum_new(); - - if (session->next_crypto->k == NULL) { - return SSH_ERROR; - } -#endif - if (session->server) crypto_scalarmult(k, session->next_crypto->curve25519_privkey, session->next_crypto->curve25519_client_pubkey); @@ -101,11 +93,10 @@ static int ssh_curve25519_build_k(ssh_session session) { crypto_scalarmult(k, session->next_crypto->curve25519_privkey, session->next_crypto->curve25519_server_pubkey); -#ifdef HAVE_LIBGCRYPT bignum_bin2bn(k, CURVE25519_PUBKEY_SIZE, &session->next_crypto->k); -#elif defined HAVE_LIBCRYPTO - bignum_bin2bn(k, CURVE25519_PUBKEY_SIZE, session->next_crypto->k); -#endif + if (session->next_crypto->k == NULL) { + return SSH_ERROR; + } #ifdef DEBUG_CRYPTO ssh_print_hexa("Session server cookie", @@ -134,12 +134,11 @@ int ssh_dh_init(void) { } bignum_set_word(g,g_int); -#ifdef HAVE_LIBGCRYPT bignum_bin2bn(p_group1_value, P_GROUP1_LEN, &p_group1); if (p_group1 == NULL) { bignum_free(g); g = NULL; - return -1; + return SSH_ERROR; } bignum_bin2bn(p_group14_value, P_GROUP14_LEN, &p_group14); if (p_group14 == NULL) { @@ -147,28 +146,9 @@ int ssh_dh_init(void) { bignum_free(p_group1); g = NULL; p_group1 = NULL; - return -1; - } - -#elif defined HAVE_LIBCRYPTO - p_group1 = bignum_new(); - if (p_group1 == NULL) { - bignum_free(g); - g = NULL; - return -1; - } - bignum_bin2bn(p_group1_value, P_GROUP1_LEN, p_group1); - - p_group14 = bignum_new(); - if (p_group14 == NULL) { - bignum_free(g); - bignum_free(p_group1); - g = NULL; - p_group1 = NULL; return SSH_ERROR; } - bignum_bin2bn(p_group14_value, P_GROUP14_LEN, p_group14); -#endif + dh_crypto_initialized = 1; } @@ -238,72 +218,48 @@ int ssh_dh_generate_y(ssh_session session) { /* used by server */ int ssh_dh_generate_e(ssh_session session) { -#ifdef HAVE_LIBCRYPTO bignum_CTX ctx = bignum_ctx_new(); - if (ctx == NULL) { + if (bignum_ctx_invalid(ctx)) { return -1; } -#endif session->next_crypto->e = bignum_new(); if (session->next_crypto->e == NULL) { -#ifdef HAVE_LIBCRYPTO bignum_ctx_free(ctx); -#endif return -1; } -#ifdef HAVE_LIBGCRYPT - bignum_mod_exp(session->next_crypto->e, g, session->next_crypto->x, - select_p(session->next_crypto->kex_type)); -#elif defined HAVE_LIBCRYPTO bignum_mod_exp(session->next_crypto->e, g, session->next_crypto->x, select_p(session->next_crypto->kex_type), ctx); -#endif #ifdef DEBUG_CRYPTO ssh_print_bignum("e", session->next_crypto->e); #endif -#ifdef HAVE_LIBCRYPTO bignum_ctx_free(ctx); -#endif return 0; } int ssh_dh_generate_f(ssh_session session) { -#ifdef HAVE_LIBCRYPTO bignum_CTX ctx = bignum_ctx_new(); - if (ctx == NULL) { + if (bignum_ctx_invalid(ctx)) { return -1; - } -#endif + } session->next_crypto->f = bignum_new(); if (session->next_crypto->f == NULL) { -#ifdef HAVE_LIBCRYPTO bignum_ctx_free(ctx); -#endif return -1; } -#ifdef HAVE_LIBGCRYPT - bignum_mod_exp(session->next_crypto->f, g, session->next_crypto->y, - select_p(session->next_crypto->kex_type)); -#elif defined HAVE_LIBCRYPTO bignum_mod_exp(session->next_crypto->f, g, session->next_crypto->y, select_p(session->next_crypto->kex_type), ctx); -#endif - #ifdef DEBUG_CRYPTO ssh_print_bignum("f", session->next_crypto->f); #endif -#ifdef HAVE_LIBCRYPTO bignum_ctx_free(ctx); -#endif - return 0; } @@ -348,31 +304,18 @@ int ssh_dh_import_e(ssh_session session, ssh_string e_string) { } int ssh_dh_build_k(ssh_session session) { -#ifdef HAVE_LIBCRYPTO bignum_CTX ctx = bignum_ctx_new(); - if (ctx == NULL) { + if (bignum_ctx_invalid(ctx)) { return -1; } -#endif session->next_crypto->k = bignum_new(); if (session->next_crypto->k == NULL) { -#ifdef HAVE_LIBCRYPTO bignum_ctx_free(ctx); -#endif return -1; } - /* the server and clients don't use the same numbers */ -#ifdef HAVE_LIBGCRYPT - if(session->client) { - bignum_mod_exp(session->next_crypto->k, session->next_crypto->f, - session->next_crypto->x, select_p(session->next_crypto->kex_type)); - } else { - bignum_mod_exp(session->next_crypto->k, session->next_crypto->e, - session->next_crypto->y, select_p(session->next_crypto->kex_type)); - } -#elif defined HAVE_LIBCRYPTO + /* the server and clients don't use the same numbers */ if (session->client) { bignum_mod_exp(session->next_crypto->k, session->next_crypto->f, session->next_crypto->x, select_p(session->next_crypto->kex_type), ctx); @@ -380,7 +323,6 @@ int ssh_dh_build_k(ssh_session session) { bignum_mod_exp(session->next_crypto->k, session->next_crypto->e, session->next_crypto->y, select_p(session->next_crypto->kex_type), ctx); } -#endif #ifdef DEBUG_CRYPTO ssh_print_hexa("Session server cookie", @@ -390,10 +332,7 @@ int ssh_dh_build_k(ssh_session session) { ssh_print_bignum("Shared secret key", session->next_crypto->k); #endif -#ifdef HAVE_LIBCRYPTO bignum_ctx_free(ctx); -#endif - return 0; } diff --git a/src/ecdh_crypto.c b/src/ecdh_crypto.c index e2dd390e..8512acc5 100644 --- a/src/ecdh_crypto.c +++ b/src/ecdh_crypto.c @@ -105,12 +105,6 @@ int ecdh_build_k(ssh_session session) { return -1; } - session->next_crypto->k = bignum_new(); - if (session->next_crypto->k == NULL) { - bignum_ctx_free(ctx); - return -1; - } - pubkey = EC_POINT_new(group); if (pubkey == NULL) { bignum_ctx_free(ctx); @@ -153,9 +147,13 @@ int ecdh_build_k(ssh_session session) { return -1; } - bignum_bin2bn(buffer, len, session->next_crypto->k); + bignum_bin2bn(buffer, len, &session->next_crypto->k); free(buffer); - + if (session->next_crypto->k == NULL) { + EC_KEY_free(session->next_crypto->ecdh_privkey); + session->next_crypto->ecdh_privkey = NULL; + return -1; + } EC_KEY_free(session->next_crypto->ecdh_privkey); session->next_crypto->ecdh_privkey = NULL; diff --git a/src/known_hosts.c b/src/known_hosts.c index 2f66cc27..455ea8b7 100644 --- a/src/known_hosts.c +++ b/src/known_hosts.c @@ -38,15 +38,6 @@ /*todo: remove this include */ #include "libssh/string.h" -#ifdef HAVE_LIBGCRYPT -#include <gcrypt.h> -#elif defined HAVE_LIBCRYPTO -#include <openssl/pem.h> -#include <openssl/dsa.h> -#include <openssl/err.h> -#include <openssl/rsa.h> -#endif /* HAVE_LIBCRYPTO */ - #ifndef _WIN32 # include <netinet/in.h> # include <arpa/inet.h> @@ -238,11 +229,7 @@ static int check_public_key(ssh_session session, char **tokens) { } /* TODO: fix the hardcoding */ tmpstring->size = htonl(len); -#ifdef HAVE_LIBGCRYPT bignum_bn2bin(tmpbn, len, ssh_string_data(tmpstring)); -#elif defined HAVE_LIBCRYPTO - bignum_bn2bin(tmpbn, ssh_string_data(tmpstring)); -#endif bignum_free(tmpbn); if (ssh_buffer_add_ssh_string(pubkey_buffer, tmpstring) < 0) { ssh_buffer_free(pubkey_buffer); |