1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
|
From 43b730ce56f010e9d33573fcb020df49798c1ed8 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Mon, 10 Sep 2012 15:32:40 +0200
Subject: [PATCH 1/4] kex: do not ignore failure of libssh2_md5_init()
The MD5 algorithm is disabled when running in FIPS mode.
---
src/hostkey.c | 4 +++-
src/kex.c | 13 +++++++++----
src/libgcrypt.h | 6 +++++-
src/libssh2_priv.h | 1 +
src/openssl.h | 3 +++
5 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/src/hostkey.c b/src/hostkey.c
index 53f7479..753563d 100644
--- a/src/hostkey.c
+++ b/src/hostkey.c
@@ -429,7 +429,9 @@ libssh2_hostkey_hash(LIBSSH2_SESSION * session, int hash_type)
switch (hash_type) {
#if LIBSSH2_MD5
case LIBSSH2_HOSTKEY_HASH_MD5:
- return (char *) session->server_hostkey_md5;
+ return (session->server_hostkey_md5_valid)
+ ? (char *) session->server_hostkey_md5
+ : NULL;
break;
#endif /* LIBSSH2_MD5 */
case LIBSSH2_HOSTKEY_HASH_SHA1:
diff --git a/src/kex.c b/src/kex.c
index 0a72cb7..07e717f 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -218,10 +218,15 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
{
libssh2_md5_ctx fingerprint_ctx;
- libssh2_md5_init(&fingerprint_ctx);
- libssh2_md5_update(fingerprint_ctx, session->server_hostkey,
- session->server_hostkey_len);
- libssh2_md5_final(fingerprint_ctx, session->server_hostkey_md5);
+ if (libssh2_md5_init(&fingerprint_ctx)) {
+ libssh2_md5_update(fingerprint_ctx, session->server_hostkey,
+ session->server_hostkey_len);
+ libssh2_md5_final(fingerprint_ctx, session->server_hostkey_md5);
+ session->server_hostkey_md5_valid = TRUE;
+ }
+ else {
+ session->server_hostkey_md5_valid = FALSE;
+ }
}
#ifdef LIBSSH2DEBUG
{
diff --git a/src/libgcrypt.h b/src/libgcrypt.h
index 04516e5..1f0276e 100644
--- a/src/libgcrypt.h
+++ b/src/libgcrypt.h
@@ -68,7 +68,11 @@
gcry_md_hash_buffer (GCRY_MD_SHA1, out, message, len)
#define libssh2_md5_ctx gcry_md_hd_t
-#define libssh2_md5_init(ctx) gcry_md_open (ctx, GCRY_MD_MD5, 0);
+
+/* returns 0 in case of failure */
+#define libssh2_md5_init(ctx) \
+ (GPG_ERR_NO_ERROR == gcry_md_open (ctx, GCRY_MD_MD5, 0))
+
#define libssh2_md5_update(ctx, data, len) gcry_md_write (ctx, data, len)
#define libssh2_md5_final(ctx, out) \
memcpy (out, gcry_md_read (ctx, 0), MD5_DIGEST_LENGTH), gcry_md_close (ctx)
diff --git a/src/libssh2_priv.h b/src/libssh2_priv.h
index 23fbc65..196864d 100644
--- a/src/libssh2_priv.h
+++ b/src/libssh2_priv.h
@@ -597,6 +597,7 @@ struct _LIBSSH2_SESSION
uint32_t server_hostkey_len;
#if LIBSSH2_MD5
unsigned char server_hostkey_md5[MD5_DIGEST_LENGTH];
+ int server_hostkey_md5_valid;
#endif /* ! LIBSSH2_MD5 */
unsigned char server_hostkey_sha1[SHA_DIGEST_LENGTH];
diff --git a/src/openssl.h b/src/openssl.h
index 6d2aeed..4835ab6 100644
--- a/src/openssl.h
+++ b/src/openssl.h
@@ -113,7 +113,10 @@
void libssh2_sha1(const unsigned char *message, unsigned long len, unsigned char *out);
#define libssh2_md5_ctx EVP_MD_CTX
+
+/* returns 0 in case of failure */
#define libssh2_md5_init(ctx) EVP_DigestInit(ctx, EVP_get_digestbyname("md5"))
+
#define libssh2_md5_update(ctx, data, len) EVP_DigestUpdate(&(ctx), data, len)
#define libssh2_md5_final(ctx, out) EVP_DigestFinal(&(ctx), out, NULL)
void libssh2_md5(const unsigned char *message, unsigned long len, unsigned char *out);
--
1.7.1
From bfbb5a4dc75c04b3532063c03b80796dd6d69da4 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Mon, 10 Sep 2012 15:59:16 +0200
Subject: [PATCH 2/4] openssl: do not ignore failure of EVP_CipherInit()
---
src/openssl.c | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)
diff --git a/src/openssl.c b/src/openssl.c
index 481982c..c61cb0e 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -175,8 +175,7 @@ _libssh2_cipher_init(_libssh2_cipher_ctx * h,
unsigned char *iv, unsigned char *secret, int encrypt)
{
EVP_CIPHER_CTX_init(h);
- EVP_CipherInit(h, algo(), secret, iv, encrypt);
- return 0;
+ return !EVP_CipherInit(h, algo(), secret, iv, encrypt);
}
int
--
1.7.1
From 5d567faecce45a891de2a3e10fad7b221a4f6540 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Tue, 11 Sep 2012 09:33:34 +0200
Subject: [PATCH 3/4] crypt: use hard-wired cipher block sizes consistently
---
src/crypt.c | 8 +++++---
src/crypto.h | 2 +-
src/libgcrypt.c | 8 +-------
src/libssh2_priv.h | 2 +-
src/openssl.c | 7 +------
src/transport.c | 3 ++-
6 files changed, 11 insertions(+), 19 deletions(-)
diff --git a/src/crypt.c b/src/crypt.c
index 93d99c4..931ae8b 100644
--- a/src/crypt.c
+++ b/src/crypt.c
@@ -96,11 +96,12 @@ crypt_init(LIBSSH2_SESSION * session,
static int
crypt_encrypt(LIBSSH2_SESSION * session, unsigned char *block,
- void **abstract)
+ size_t blocksize, void **abstract)
{
struct crypt_ctx *cctx = *(struct crypt_ctx **) abstract;
(void) session;
- return _libssh2_cipher_crypt(&cctx->h, cctx->algo, cctx->encrypt, block);
+ return _libssh2_cipher_crypt(&cctx->h, cctx->algo, cctx->encrypt, block,
+ blocksize);
}
static int
@@ -248,7 +249,8 @@ crypt_init_arcfour128(LIBSSH2_SESSION * session,
unsigned char block[8];
size_t discard = 1536;
for (; discard; discard -= 8)
- _libssh2_cipher_crypt(&cctx->h, cctx->algo, cctx->encrypt, block);
+ _libssh2_cipher_crypt(&cctx->h, cctx->algo, cctx->encrypt, block,
+ method->blocksize);
}
return rc;
diff --git a/src/crypto.h b/src/crypto.h
index 8cf34f5..5dc5931 100644
--- a/src/crypto.h
+++ b/src/crypto.h
@@ -103,7 +103,7 @@ int _libssh2_cipher_init(_libssh2_cipher_ctx * h,
int _libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx,
_libssh2_cipher_type(algo),
- int encrypt, unsigned char *block);
+ int encrypt, unsigned char *block, size_t blocksize);
int _libssh2_pub_priv_keyfile(LIBSSH2_SESSION *session,
unsigned char **method,
diff --git a/src/libgcrypt.c b/src/libgcrypt.c
index 5c2787b..29770c7 100644
--- a/src/libgcrypt.c
+++ b/src/libgcrypt.c
@@ -553,17 +553,11 @@ _libssh2_cipher_init(_libssh2_cipher_ctx * h,
int
_libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx,
_libssh2_cipher_type(algo),
- int encrypt, unsigned char *block)
+ int encrypt, unsigned char *block, size_t blklen)
{
int cipher = _libssh2_gcry_cipher (algo);
- size_t blklen = gcry_cipher_get_algo_blklen(cipher);
int ret;
- if (blklen == 1) {
-/* Hack for arcfour. */
- blklen = 8;
- }
-
if (encrypt) {
ret = gcry_cipher_encrypt(*ctx, block, blklen, block, blklen);
} else {
diff --git a/src/libssh2_priv.h b/src/libssh2_priv.h
index 196864d..4ec9f73 100644
--- a/src/libssh2_priv.h
+++ b/src/libssh2_priv.h
@@ -883,7 +883,7 @@ struct _LIBSSH2_CRYPT_METHOD
int *free_iv, unsigned char *secret, int *free_secret,
int encrypt, void **abstract);
int (*crypt) (LIBSSH2_SESSION * session, unsigned char *block,
- void **abstract);
+ size_t blocksize, void **abstract);
int (*dtor) (LIBSSH2_SESSION * session, void **abstract);
_libssh2_cipher_type(algo);
diff --git a/src/openssl.c b/src/openssl.c
index c61cb0e..8643591 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -181,18 +181,13 @@ _libssh2_cipher_init(_libssh2_cipher_ctx * h,
int
_libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx,
_libssh2_cipher_type(algo),
- int encrypt, unsigned char *block)
+ int encrypt, unsigned char *block, size_t blocksize)
{
- int blocksize = ctx->cipher->block_size;
unsigned char buf[EVP_MAX_BLOCK_LENGTH];
int ret;
(void) algo;
(void) encrypt;
- if (blocksize == 1) {
-/* Hack for arcfour. */
- blocksize = 8;
- }
ret = EVP_Cipher(ctx, buf, block, blocksize);
if (ret == 1) {
memcpy(block, buf, blocksize);
diff --git a/src/transport.c b/src/transport.c
index 15425b9..b4ec037 100644
--- a/src/transport.c
+++ b/src/transport.c
@@ -139,7 +139,7 @@ decrypt(LIBSSH2_SESSION * session, unsigned char *source,
assert((len % blocksize) == 0);
while (len >= blocksize) {
- if (session->remote.crypt->crypt(session, source,
+ if (session->remote.crypt->crypt(session, source, blocksize,
&session->remote.crypt_abstract)) {
LIBSSH2_FREE(session, p->payload);
return LIBSSH2_ERROR_DECRYPT;
@@ -846,6 +846,7 @@ int _libssh2_transport_send(LIBSSH2_SESSION *session,
for(i = 0; i < packet_length; i += session->local.crypt->blocksize) {
unsigned char *ptr = &p->outbuf[i];
if (session->local.crypt->crypt(session, ptr,
+ session->local.crypt->blocksize,
&session->local.crypt_abstract))
return LIBSSH2_ERROR_ENCRYPT; /* encryption failure */
}
--
1.7.1
From 9f6fd5af8282ef82c0ff8d89cf9ebc121bb35b59 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Tue, 11 Sep 2012 09:02:31 +0200
Subject: [PATCH 4/4] Revert "aes: the init function fails when OpenSSL has AES support"
This partially reverts commit f4f2298ef3635acd031cc2ee0e71026cdcda5864.
We need to use the EVP_aes_???_ctr() functions in FIPS mode.
---
src/openssl.h | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/src/openssl.h b/src/openssl.h
index 4835ab6..6f21a1a 100644
--- a/src/openssl.h
+++ b/src/openssl.h
@@ -151,9 +151,15 @@ void libssh2_md5(const unsigned char *message, unsigned long len, unsigned char
#define _libssh2_cipher_aes256 EVP_aes_256_cbc
#define _libssh2_cipher_aes192 EVP_aes_192_cbc
#define _libssh2_cipher_aes128 EVP_aes_128_cbc
+#ifdef HAVE_EVP_AES_128_CTR
+#define _libssh2_cipher_aes128ctr EVP_aes_128_ctr
+#define _libssh2_cipher_aes192ctr EVP_aes_192_ctr
+#define _libssh2_cipher_aes256ctr EVP_aes_256_ctr
+#else
#define _libssh2_cipher_aes128ctr _libssh2_EVP_aes_128_ctr
#define _libssh2_cipher_aes192ctr _libssh2_EVP_aes_192_ctr
#define _libssh2_cipher_aes256ctr _libssh2_EVP_aes_256_ctr
+#endif
#define _libssh2_cipher_blowfish EVP_bf_cbc
#define _libssh2_cipher_arcfour EVP_rc4
#define _libssh2_cipher_cast5 EVP_cast5_cbc
--
1.7.1
|
