authorDamien Miller <djm@mindrot.org>2010-11-05 10:19:49 +1100
committerDamien Miller <djm@mindrot.org>2010-11-05 10:19:49 +1100
commitb472a90d4ceca15620aa525099bf4b2d5ba8a59b (patch)
treef4b9c97b1c3d78f68da5159852b7593a280edcf5 /authfile.c
parent3a0e9f6479d50a95b5ccd7d7668b0ff45571de9c (diff)
- djm@cvs.openbsd.org 2010/10/28 11:22:09
[authfile.c key.c key.h ssh-keygen.c]
fix a possible NULL deref on loading a corrupt ECDH key

store ECDH group information in private keys files as "named groups" rather than as a set of explicit group parameters (by setting the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and retrieves the group's OpenSSL NID that we need for various things.
Diffstat (limited to 'authfile.c')
-rw-r--r--authfile.c14
1 files changed, 5 insertions, 9 deletions
diff --git a/authfile.c b/authfile.c
index b1e3eda5c..7f98ab547 100644
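--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.84 2010/09/08 03:54:36 djm Exp $ */
+/* $OpenBSD: authfile.c,v 1.85 2010/10/28 11:22:09 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -523,13 +523,9 @@ key_load_private_pem(int fd, int type, const char *passphrase,
  prv = key_new(KEY_UNSPEC);
  prv->ecdsa = EVP_PKEY_get1_EC_KEY(pk);
  prv->type = KEY_ECDSA;
- prv->ecdsa_nid = key_ecdsa_group_to_nid(
- EC_KEY_get0_group(prv->ecdsa));
- if (key_curve_nid_to_name(prv->ecdsa_nid) == NULL) {
- key_free(prv);
- prv = NULL;
- }
- if (key_ec_validate_public(EC_KEY_get0_group(prv->ecdsa),
+ if ((prv->ecdsa_nid = key_ecdsa_key_to_nid(prv->ecdsa)) == -1 ||
+ key_curve_nid_to_name(prv->ecdsa_nid) == NULL ||
+ key_ec_validate_public(EC_KEY_get0_group(prv->ecdsa),
  EC_KEY_get0_public_key(prv->ecdsa)) != 0 ||
  key_ec_validate_private(prv->ecdsa) != 0) {
  error("%s: bad ECDSA key", __func__);
@@ -538,7 +534,7 @@ key_load_private_pem(int fd, int type, const char *passphrase,
  }
  name = "ecdsa w/o comment";
 #ifdef DEBUG_PK
- if (prv->ecdsa != NULL)
+ if (prv != NULL && prv->ecdsa != NULL)
  key_dump_ec_key(prv->ecdsa);
 #endif
 #endif /* OPENSSL_HAS_ECC */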
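Review bot: The new condition in the second hunk passes `prv->ecdsa` to `key_ecdsa_key_to_nid()` and `EC_KEY_get0_group()` without checking the result of `EVP_PKEY_get1_EC_KEY(pk)` on the line above, while the DEBUG_PK block in the third hunk still guards on `prv->ecdsa != NULL`. Whether the helper tolerates a NULL key is not visible here (it lives in key.c), so I would make the guard explicit by leading the chain with `prv->ecdsa == NULL ||`. That keeps a corrupt or mismatched key file on the existing "bad ECDSA key" error path instead of depending on the helper's behaviour. The enclosing function key_load_private_pem starts and ends outside these hunks.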