shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-11 10:40:27 +09:00
Code Issues Packages Projects Releases Wiki Activity

CVE-2025-5372 libgcrypto: Simplify error checking and handling of return codes in ssh_kdf()

Browse Source 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Jakub Jelen
2025-05-14 14:07:58 +02:00
committed by Andreas Schneider
parent f13b91c2d8
commit a9d8a3d448
1 changed files with 28 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
src/libcrypto.c
View File

@@ -168,7 +168,7 @@ int ssh_kdf(struct ssh_crypto_struct *crypto,
uint8_t key_type, unsigned char *output, uint8_t key_type, unsigned char *output,
size_t requested_len) size_t requested_len)
{ {
int rc = -1; int ret = SSH_ERROR, rv;
#if OPENSSL_VERSION_NUMBER < 0x30000000L #if OPENSSL_VERSION_NUMBER < 0x30000000L
EVP_KDF_CTX *ctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF); EVP_KDF_CTX *ctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF);
#else #else
@@ -202,92 +202,86 @@ int ssh_kdf(struct ssh_crypto_struct *crypto,
} }
#if OPENSSL_VERSION_NUMBER < 0x30000000L #if OPENSSL_VERSION_NUMBER < 0x30000000L
rc = EVP_KDF_ctrl(ctx, rv = EVP_KDF_ctrl(ctx,
EVP_KDF_CTRL_SET_MD, EVP_KDF_CTRL_SET_MD,
sshkdf_digest_to_md(crypto->digest_type)); sshkdf_digest_to_md(crypto->digest_type));
if (rc != 1) { if (rv != 1) {
goto out; goto out;
} }
rc = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KEY, key, key_len); rv = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KEY, key, key_len);
if (rc != 1) { if (rv != 1) {
goto out; goto out;
} }
rc = EVP_KDF_ctrl(ctx, rv = EVP_KDF_ctrl(ctx,
EVP_KDF_CTRL_SET_SSHKDF_XCGHASH, EVP_KDF_CTRL_SET_SSHKDF_XCGHASH,
crypto->secret_hash, crypto->secret_hash,
crypto->digest_len); crypto->digest_len);
if (rc != 1) { if (rv != 1) {
goto out; goto out;
} }
rc = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_TYPE, key_type); rv = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_TYPE, key_type);
if (rc != 1) { if (rv != 1) {
goto out; goto out;
} }
rc = EVP_KDF_ctrl(ctx, rv = EVP_KDF_ctrl(ctx,
EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID, EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID,
crypto->session_id, crypto->session_id,
crypto->session_id_len); crypto->session_id_len);
if (rc != 1) { if (rv != 1) {
goto out; goto out;
} }
rc = EVP_KDF_derive(ctx, output, requested_len); rv = EVP_KDF_derive(ctx, output, requested_len);
if (rc != 1) { if (rv != 1) {
goto out; goto out;
} }
#else #else
rc = OSSL_PARAM_BLD_push_utf8_string(param_bld, rv = OSSL_PARAM_BLD_push_utf8_string(param_bld,
OSSL_KDF_PARAM_DIGEST, OSSL_KDF_PARAM_DIGEST,
md, md,
strlen(md)); strlen(md));
if (rc != 1) { if (rv != 1) {
rc = -1;
goto out; goto out;
} }
rc = OSSL_PARAM_BLD_push_octet_string(param_bld, rv = OSSL_PARAM_BLD_push_octet_string(param_bld,
OSSL_KDF_PARAM_KEY, OSSL_KDF_PARAM_KEY,
key, key,
key_len); key_len);
if (rc != 1) { if (rv != 1) {
rc = -1;
goto out; goto out;
} }
rc = OSSL_PARAM_BLD_push_octet_string(param_bld, rv = OSSL_PARAM_BLD_push_octet_string(param_bld,
OSSL_KDF_PARAM_SSHKDF_XCGHASH, OSSL_KDF_PARAM_SSHKDF_XCGHASH,
crypto->secret_hash, crypto->secret_hash,
crypto->digest_len); crypto->digest_len);
if (rc != 1) { if (rv != 1) {
rc = -1;
goto out; goto out;
} }
rc = OSSL_PARAM_BLD_push_octet_string(param_bld, rv = OSSL_PARAM_BLD_push_octet_string(param_bld,
OSSL_KDF_PARAM_SSHKDF_SESSION_ID, OSSL_KDF_PARAM_SSHKDF_SESSION_ID,
crypto->session_id, crypto->session_id,
crypto->session_id_len); crypto->session_id_len);
if (rc != 1) { if (rv != 1) {
rc = -1;
goto out; goto out;
} }
rc = OSSL_PARAM_BLD_push_utf8_string(param_bld, rv = OSSL_PARAM_BLD_push_utf8_string(param_bld,
OSSL_KDF_PARAM_SSHKDF_TYPE, OSSL_KDF_PARAM_SSHKDF_TYPE,
(const char *)&key_type, (const char *)&key_type,
1); 1);
if (rc != 1) { if (rv != 1) {
rc = -1;
goto out; goto out;
} }
params = OSSL_PARAM_BLD_to_param(param_bld); params = OSSL_PARAM_BLD_to_param(param_bld);
if (params == NULL) { if (params == NULL) {
rc = -1;
goto out; goto out;
} }
rc = EVP_KDF_derive(ctx, output, requested_len, params); rv = EVP_KDF_derive(ctx, output, requested_len, params);
if (rc != 1) { if (rv != 1) {
rc = -1;
goto out; goto out;
} }
#endif /* OPENSSL_VERSION_NUMBER */ #endif /* OPENSSL_VERSION_NUMBER */
ret = SSH_OK;
out: out:
#if OPENSSL_VERSION_NUMBER >= 0x30000000L #if OPENSSL_VERSION_NUMBER >= 0x30000000L
@@ -295,8 +289,8 @@ out:
OSSL_PARAM_free(params); OSSL_PARAM_free(params);
#endif #endif
EVP_KDF_CTX_free(ctx); EVP_KDF_CTX_free(ctx);
if (rc < 0) { if (ret < 0) {
return rc; return ret;
} }
return 0; return 0;
} }