
ssh_curve25519_build_k: uninitialized input to `EVP_PKEY_derive` for HAVE_OPENSSL_X25519 builds can cause sporadic failure
Closed, Resolved | Public

Description

On master as of d2a32ca6d3c40483a6d10340d3e11da9259e1379, and the 0.9 branch as of b33dcda94d313913a877bc8db006ad02141bc695, the keylen input parameter to the EVP_PKEY_derive function call in ssh_curve25519_build_k is uninitialized for HAVE_OPENSSL_X25519 builds.

In this code segment:

https://gitlab.com/libssh/libssh-mirror/blob/b33dcda94d313913a877bc8db006ad02141bc695/src/curve25519.c#L175-245

Depending on local stack contents at runtime, this can cause sporadic failures of the EVP_PKEY_derive invocation later on which, when logged from libssh, look something like:

"[libssh] ssh_curve25519_build_k:
   ssh_curve25519_build_k:
   Failed to derive X25519 shared secret:
   error:06000064:public key routines:OPENSSL_internal:BUFFER_TOO_SMALL"

The issue can be reproduced by manually setting the argument to zero here:

https://gitlab.com/libssh/libssh-mirror/blob/d2a32ca6d3c40483a6d10340d3e11da9259e1379/src/curve25519.c#L182

Wanted to file this bug report as a reference point for a proposed fix.
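
The failure mode described in this report, as an added example that is not libssh or OpenSSL code. `model_derive` is a hypothetical stand-in that reproduces only the documented in/out `keylen` contract of `EVP_PKEY_derive` (the caller sets the buffer size before the call, the callee writes back the secret length); `build_k_unset_len` and `build_k_set_len` are illustrative names, and the initialised form is an assumption about the shape of a fix, since the report does not show the patch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define X25519_SECRET_LEN 32

/* Hypothetical stand-in for EVP_PKEY_derive(): models only the in/out
 * length contract, not the X25519 computation. */
static int model_derive(unsigned char *key, size_t *keylen)
{
    if (key == NULL) {                    /* size query only */
        *keylen = X25519_SECRET_LEN;
        return 1;
    }
    if (*keylen < X25519_SECRET_LEN)      /* declared buffer too small */
        return 0;
    memset(key, 0xAB, X25519_SECRET_LEN); /* constructed placeholder secret */
    *keylen = X25519_SECRET_LEN;
    return 1;
}

/* Pattern from the report: keylen holds leftover stack contents when the
 * derive call runs. stack_garbage makes that leftover value explicit. */
int build_k_unset_len(unsigned char *k, size_t stack_garbage)
{
    size_t keylen = stack_garbage;
    return model_derive(k, &keylen);
}

/* Initialised form: declare the buffer capacity, then check the result. */
int build_k_set_len(unsigned char *k, size_t k_size)
{
    size_t keylen = k_size;
    if (model_derive(k, &keylen) != 1)
        return 0;
    return keylen == X25519_SECRET_LEN;
}

int main(void)
{
    unsigned char k[X25519_SECRET_LEN];
    printf("leftover 0:    %d\n", build_k_unset_len(k, 0));
    printf("leftover 4096: %d\n", build_k_unset_len(k, 4096));
    printf("initialised:   %d\n", build_k_set_len(k, sizeof(k)));
    return 0;
}
```

A leftover value of 32 or more lets the call succeed, which is why the failure shows up only sporadically and why forcing the value to zero reproduces it every time.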