
src-openEuler/libssh

backport-0014-CVE-2023-48795-tests-Adjust-calculation-to-strict-ke.patch 4.66 KB
From 89df759200d31fc79fbbe213d8eda0d329eebf6d Mon Sep 17 00:00:00 2001
From: Jakub Jelen <[email protected]>
Date: Thu, 14 Dec 2023 12:47:48 +0100
Subject: [PATCH 14/20] CVE-2023-48795: tests: Adjust calculation to strict kex
Signed-off-by: Jakub Jelen <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
---
tests/client/torture_rekey.c | 55 ++++++++++++++++++++----------------
1 file changed, 31 insertions(+), 24 deletions(-)
diff --git a/tests/client/torture_rekey.c b/tests/client/torture_rekey.c
index ccd5ae2c..57e03e3f 100644
--- a/tests/client/torture_rekey.c
+++ b/tests/client/torture_rekey.c
@@ -148,6 +148,29 @@ static void torture_rekey_default(void **state)
ssh_disconnect(s->ssh.session);
}
+static void sanity_check_session(void **state)
+{
+ struct torture_state *s = *state;
+ struct ssh_crypto_struct *c = NULL;
+
+ c = s->ssh.session->current_crypto;
+ assert_non_null(c);
+ assert_int_equal(c->in_cipher->max_blocks,
+ bytes / c->in_cipher->blocksize);
+ assert_int_equal(c->out_cipher->max_blocks,
+ bytes / c->out_cipher->blocksize);
+ /* when strict kex is used, the newkeys reset the sequence number */
+ if ((s->ssh.session->flags & SSH_SESSION_FLAG_KEX_STRICT) != 0) {
+ assert_int_equal(c->out_cipher->packets, s->ssh.session->send_seq);
+ assert_int_equal(c->in_cipher->packets, s->ssh.session->recv_seq);
+ } else {
+ /* Otherwise we have less encrypted packets than transferred
+ * (first are not encrypted) */
+ assert_true(c->out_cipher->packets < s->ssh.session->send_seq);
+ assert_true(c->in_cipher->packets < s->ssh.session->recv_seq);
+ }
+}
+
/* We lower the rekey limits manually and check that the rekey
* really happens when sending data
*/
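Review bot: `sanity_check_session` passes on either side of the `SSH_SESSION_FLAG_KEX_STRICT` test, so the rekey tests would still succeed if strict kex silently stopped being negotiated and the sequence-number reset introduced for CVE-2023-48795 was never exercised. If the test server is expected to offer strict kex (not visible in this hunk), at least one test should assert the flag explicitly, e.g. `assert_true((s->ssh.session->flags & SSH_SESSION_FLAG_KEX_STRICT) != 0);`. The helper also dereferences `c->in_cipher` and `c->out_cipher` after checking only `c`; adding `assert_non_null(c->in_cipher);` and `assert_non_null(c->out_cipher);` before the first use would turn a crash into a readable test failure. A one-line header comment saying that the helper compares against the `bytes` limit, which appears to be defined at file scope, would make that dependency visible.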
@@ -166,16 +189,10 @@ static void torture_rekey_send(void **state)
rc = ssh_connect(s->ssh.session);
assert_ssh_return_code(s->ssh.session, rc);
- /* The blocks limit is set correctly */
- c = s->ssh.session->current_crypto;
- assert_int_equal(c->in_cipher->max_blocks,
- bytes / c->in_cipher->blocksize);
- assert_int_equal(c->out_cipher->max_blocks,
- bytes / c->out_cipher->blocksize);
- /* We should have less encrypted packets than transferred (first are not encrypted) */
- assert_true(c->out_cipher->packets < s->ssh.session->send_seq);
- assert_true(c->in_cipher->packets < s->ssh.session->recv_seq);
+ sanity_check_session(state);
/* Copy the initial secret hash = session_id so we know we changed keys later */
+ c = s->ssh.session->current_crypto;
+ assert_non_null(c);
secret_hash = malloc(c->digest_len);
assert_non_null(secret_hash);
memcpy(secret_hash, c->secret_hash, c->digest_len);
@@ -273,15 +290,10 @@ static void torture_rekey_recv(void **state)
mode_t mask;
int rc;
- /* The blocks limit is set correctly */
+ sanity_check_session(state);
+ /* Copy the initial secret hash = session_id so we know we changed keys later */
c = s->ssh.session->current_crypto;
assert_non_null(c);
- assert_int_equal(c->in_cipher->max_blocks, bytes / c->in_cipher->blocksize);
- assert_int_equal(c->out_cipher->max_blocks, bytes / c->out_cipher->blocksize);
- /* We should have less encrypted packets than transferred (first are not encrypted) */
- assert_true(c->out_cipher->packets < s->ssh.session->send_seq);
- assert_true(c->in_cipher->packets < s->ssh.session->recv_seq);
- /* Copy the initial secret hash = session_id so we know we changed keys later */
secret_hash = malloc(c->digest_len);
assert_non_null(secret_hash);
memcpy(secret_hash, c->secret_hash, c->digest_len);
@@ -468,15 +480,10 @@ static void torture_rekey_different_kex(void **state)
assert_ssh_return_code(s->ssh.session, rc);
/* The blocks limit is set correctly */
- c = s->ssh.session->current_crypto;
- assert_int_equal(c->in_cipher->max_blocks,
- bytes / c->in_cipher->blocksize);
- assert_int_equal(c->out_cipher->max_blocks,
- bytes / c->out_cipher->blocksize);
- /* We should have less encrypted packets than transferred (first are not encrypted) */
- assert_true(c->out_cipher->packets < s->ssh.session->send_seq);
- assert_true(c->in_cipher->packets < s->ssh.session->recv_seq);
+ sanity_check_session(state);
/* Copy the initial secret hash = session_id so we know we changed keys later */
+ c = s->ssh.session->current_crypto;
+ assert_non_null(c);
secret_hash = malloc(c->digest_len);
assert_non_null(secret_hash);
memcpy(secret_hash, c->secret_hash, c->digest_len);
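Review bot: The context comment `/* The blocks limit is set correctly */` is left in place above the new `sanity_check_session(state);` call in torture_rekey_different_kex, while the same comment is removed in the torture_rekey_send and torture_rekey_recv hunks. The helper now also compares the cipher packet counters with the sequence numbers, so the comment understates what the call verifies. Either drop it for consistency or reword it, e.g. `/* Check block limits and packet counters for the negotiated kex mode */`. The function body starts and ends outside the hunk.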
--
2.33.0