ALP-pool/libssh
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
main
libssh/libssh-CVE-2025-5372.patch

144 lines
4.6 KiB
Diff
Raw Permalink Blame History

From e2afe196d8d77c42b2a764ae86f92c2964221f69 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 14 May 2025 14:07:58 +0200
Subject: CVE-2025-5372 libgcrypto: Simplify error checking and handling of
return codes in ssh_kdf()
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
src/libcrypto.c | 62 ++++++++++++++++++++++++++-------------------------------
1 file changed, 28 insertions(+), 34 deletions(-)
Index: libssh-0.10.6/src/libcrypto.c
===================================================================
--- libssh-0.10.6.orig/src/libcrypto.c
+++ libssh-0.10.6/src/libcrypto.c
@@ -163,7 +163,7 @@ int ssh_kdf(struct ssh_crypto_struct *cr
uint8_t key_type, unsigned char *output,
size_t requested_len)
{
- int rc = -1;
+ int ret = SSH_ERROR, rv;
#if OPENSSL_VERSION_NUMBER < 0x30000000L
EVP_KDF_CTX *ctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF);
#else
@@ -185,81 +185,75 @@ int ssh_kdf(struct ssh_crypto_struct *cr
}
#if OPENSSL_VERSION_NUMBER < 0x30000000L
- rc = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_MD,
+ rv = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_MD,
sshkdf_digest_to_md(crypto->digest_type));
- if (rc != 1) {
+ if (rv != 1) {
goto out;
}
- rc = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KEY, key, key_len);
- if (rc != 1) {
+ rv = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KEY, key, key_len);
+ if (rv != 1) {
goto out;
}
- rc = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_XCGHASH,
+ rv = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_XCGHASH,
crypto->secret_hash, crypto->digest_len);
- if (rc != 1) {
+ if (rv != 1) {
goto out;
}
- rc = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_TYPE, key_type);
- if (rc != 1) {
+ rv = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_TYPE, key_type);
+ if (rv != 1) {
goto out;
}
- rc = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID,
+ rv = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID,
crypto->session_id, crypto->session_id_len);
- if (rc != 1) {
+ if (rv != 1) {
goto out;
}
- rc = EVP_KDF_derive(ctx, output, requested_len);
- if (rc != 1) {
+ rv = EVP_KDF_derive(ctx, output, requested_len);
+ if (rv != 1) {
goto out;
}
#else
- rc = OSSL_PARAM_BLD_push_utf8_string(param_bld, OSSL_KDF_PARAM_DIGEST,
+ rv = OSSL_PARAM_BLD_push_utf8_string(param_bld, OSSL_KDF_PARAM_DIGEST,
md, strlen(md));
- if (rc != 1) {
- rc = -1;
+ if (rv != 1) {
goto out;
}
- rc = OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_KDF_PARAM_KEY,
+ rv = OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_KDF_PARAM_KEY,
key, key_len);
- if (rc != 1) {
- rc = -1;
+ if (rv != 1) {
goto out;
}
- rc = OSSL_PARAM_BLD_push_octet_string(param_bld,
+ rv = OSSL_PARAM_BLD_push_octet_string(param_bld,
OSSL_KDF_PARAM_SSHKDF_XCGHASH,
crypto->secret_hash,
crypto->digest_len);
- if (rc != 1) {
- rc = -1;
+ if (rv != 1) {
goto out;
}
- rc = OSSL_PARAM_BLD_push_octet_string(param_bld,
+ rv = OSSL_PARAM_BLD_push_octet_string(param_bld,
OSSL_KDF_PARAM_SSHKDF_SESSION_ID,
crypto->session_id,
crypto->session_id_len);
- if (rc != 1) {
- rc = -1;
+ if (rv != 1) {
goto out;
}
- rc = OSSL_PARAM_BLD_push_utf8_string(param_bld, OSSL_KDF_PARAM_SSHKDF_TYPE,
+ rv = OSSL_PARAM_BLD_push_utf8_string(param_bld, OSSL_KDF_PARAM_SSHKDF_TYPE,
(const char*)&key_type, 1);
- if (rc != 1) {
- rc = -1;
+ if (rv != 1) {
goto out;
}
params = OSSL_PARAM_BLD_to_param(param_bld);
if (params == NULL) {
- rc = -1;
goto out;
}
- rc = EVP_KDF_derive(ctx, output, requested_len, params);
- if (rc != 1) {
- rc = -1;
+ rv = EVP_KDF_derive(ctx, output, requested_len, params);
+ if (rv != 1) {
goto out;
}
#endif /* OPENSSL_VERSION_NUMBER */
+ ret = SSH_OK;
out:
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
@@ -267,8 +261,8 @@ out:
OSSL_PARAM_free(params);
#endif
EVP_KDF_CTX_free(ctx);
- if (rc < 0) {
- return rc;
+ if (ret < 0) {
+ return ret;
}
return 0;
}
Reference in New Issue View Git Blame Copy Permalink