CVE-2025-5372 libgcrypto: Simplify error checking and handling of return codes in ssh_kdf()

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Jakub Jelen
2025-05-14 14:07:58 +02:00
committed by Andreas Schneider
parent f13b91c2d8
commit a9d8a3d448


@@ -168,7 +168,7 @@ int ssh_kdf(struct ssh_crypto_struct *crypto,
uint8_t key_type, unsigned char *output,
size_t requested_len)
{
int rc = -1;
int ret = SSH_ERROR, rv;
#if OPENSSL_VERSION_NUMBER < 0x30000000L
EVP_KDF_CTX *ctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF);
#else
@@ -202,92 +202,86 @@ int ssh_kdf(struct ssh_crypto_struct *crypto,
}
#if OPENSSL_VERSION_NUMBER < 0x30000000L
rc = EVP_KDF_ctrl(ctx,
rv = EVP_KDF_ctrl(ctx,
EVP_KDF_CTRL_SET_MD,
sshkdf_digest_to_md(crypto->digest_type));
if (rc != 1) {
if (rv != 1) {
goto out;
}
rc = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KEY, key, key_len);
if (rc != 1) {
rv = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KEY, key, key_len);
if (rv != 1) {
goto out;
}
rc = EVP_KDF_ctrl(ctx,
rv = EVP_KDF_ctrl(ctx,
EVP_KDF_CTRL_SET_SSHKDF_XCGHASH,
crypto->secret_hash,
crypto->digest_len);
if (rc != 1) {
if (rv != 1) {
goto out;
}
rc = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_TYPE, key_type);
if (rc != 1) {
rv = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_TYPE, key_type);
if (rv != 1) {
goto out;
}
rc = EVP_KDF_ctrl(ctx,
rv = EVP_KDF_ctrl(ctx,
EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID,
crypto->session_id,
crypto->session_id_len);
if (rc != 1) {
if (rv != 1) {
goto out;
}
rc = EVP_KDF_derive(ctx, output, requested_len);
if (rc != 1) {
rv = EVP_KDF_derive(ctx, output, requested_len);
if (rv != 1) {
goto out;
}
#else
rc = OSSL_PARAM_BLD_push_utf8_string(param_bld,
rv = OSSL_PARAM_BLD_push_utf8_string(param_bld,
OSSL_KDF_PARAM_DIGEST,
md,
strlen(md));
if (rc != 1) {
rc = -1;
if (rv != 1) {
goto out;
}
rc = OSSL_PARAM_BLD_push_octet_string(param_bld,
rv = OSSL_PARAM_BLD_push_octet_string(param_bld,
OSSL_KDF_PARAM_KEY,
key,
key_len);
if (rc != 1) {
rc = -1;
if (rv != 1) {
goto out;
}
rc = OSSL_PARAM_BLD_push_octet_string(param_bld,
rv = OSSL_PARAM_BLD_push_octet_string(param_bld,
OSSL_KDF_PARAM_SSHKDF_XCGHASH,
crypto->secret_hash,
crypto->digest_len);
if (rc != 1) {
rc = -1;
if (rv != 1) {
goto out;
}
rc = OSSL_PARAM_BLD_push_octet_string(param_bld,
rv = OSSL_PARAM_BLD_push_octet_string(param_bld,
OSSL_KDF_PARAM_SSHKDF_SESSION_ID,
crypto->session_id,
crypto->session_id_len);
if (rc != 1) {
rc = -1;
if (rv != 1) {
goto out;
}
rc = OSSL_PARAM_BLD_push_utf8_string(param_bld,
rv = OSSL_PARAM_BLD_push_utf8_string(param_bld,
OSSL_KDF_PARAM_SSHKDF_TYPE,
(const char *)&key_type,
1);
if (rc != 1) {
rc = -1;
if (rv != 1) {
goto out;
}
params = OSSL_PARAM_BLD_to_param(param_bld);
if (params == NULL) {
rc = -1;
goto out;
}
rc = EVP_KDF_derive(ctx, output, requested_len, params);
if (rc != 1) {
rc = -1;
rv = EVP_KDF_derive(ctx, output, requested_len, params);
if (rv != 1) {
goto out;
}
#endif /* OPENSSL_VERSION_NUMBER */
ret = SSH_OK;
out:
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
@@ -295,8 +289,8 @@ out:
OSSL_PARAM_free(params);
#endif
EVP_KDF_CTX_free(ctx);
if (rc < 0) {
return rc;
if (ret < 0) {
return ret;
}
return 0;
}
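Review bot: The declaration `int ret = SSH_ERROR, rv;` at the top of ssh_kdf() has no comment explaining why two variables are needed, so a later cleanup could merge them again and let an OpenSSL failure value be returned as success. I would add `/* rv: OpenSSL result, 1 means success; ret: libssh result, stays SSH_ERROR until the derive call succeeded */` above it, because every `goto out` in the second hunk, including the `params == NULL` branch, now relies on ret being untouched before `ret = SSH_OK;`. The tail `if (ret < 0) { return ret; } return 0;` is redundant under that invariant and would read more directly as `return ret;`, provided SSH_OK is 0. The lines of ssh_kdf() between the first and second hunk are not shown, so any early `goto out` there should be checked against the same invariant.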