summaryrefslogtreecommitdiff
path: root/kexecdhc.c
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2013-09-14 23:42:11 +0100
committerColin Watson <cjwatson@debian.org>2013-09-14 23:42:11 +0100
commit327155e6824b3ee13837bdde04e4eb47e147ff46 (patch)
tree8f8743122403c7a2e6ed919156711fb1520c657f /kexecdhc.c
parent0334ce32304e9ba2a10ee5ca49ca6e8ff3ba6cf4 (diff)
parent74e339b8f8936bc0d985e053a076d0c9b5e9ea51 (diff)
* New upstream release (http://www.openssh.com/txt/release-6.3).
- sftp(1): add support for resuming partial downloads using the "reget" command and on the sftp commandline or on the "get" commandline using the "-a" (append) option (closes: #158590). - ssh(1): add an "IgnoreUnknown" configuration option to selectively suppress errors arising from unknown configuration directives (closes: #436052). - sftp(1): update progressmeter when data is acknowledged, not when it's sent (partially addresses #708372). - ssh(1): do not fatally exit when attempting to cleanup multiplexing- created channels that are incompletely opened (closes: #651357).
Diffstat (limited to 'kexecdhc.c')
-rw-r--r--kexecdhc.c13
1 files changed, 5 insertions, 8 deletions
diff --git a/kexecdhc.c b/kexecdhc.c
index 115d4bf83..6193836c7 100644
--- a/kexecdhc.c
+++ b/kexecdhc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexecdhc.c,v 1.2 2010/09/22 05:01:29 djm Exp $ */ 1/* $OpenBSD: kexecdhc.c,v 1.4 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * Copyright (c) 2010 Damien Miller. All rights reserved. 4 * Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -57,11 +57,8 @@ kexecdh_client(Kex *kex)
57 u_char *server_host_key_blob = NULL, *signature = NULL; 57 u_char *server_host_key_blob = NULL, *signature = NULL;
58 u_char *kbuf, *hash; 58 u_char *kbuf, *hash;
59 u_int klen, slen, sbloblen, hashlen; 59 u_int klen, slen, sbloblen, hashlen;
60 int curve_nid;
61 60
62 if ((curve_nid = kex_ecdh_name_to_nid(kex->name)) == -1) 61 if ((client_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL)
63 fatal("%s: unsupported ECDH curve \"%s\"", __func__, kex->name);
64 if ((client_key = EC_KEY_new_by_curve_name(curve_nid)) == NULL)
65 fatal("%s: EC_KEY_new_by_curve_name failed", __func__); 62 fatal("%s: EC_KEY_new_by_curve_name failed", __func__);
66 if (EC_KEY_generate_key(client_key) != 1) 63 if (EC_KEY_generate_key(client_key) != 1)
67 fatal("%s: EC_KEY_generate_key failed", __func__); 64 fatal("%s: EC_KEY_generate_key failed", __func__);
@@ -123,7 +120,7 @@ kexecdh_client(Kex *kex)
123 if (BN_bin2bn(kbuf, klen, shared_secret) == NULL) 120 if (BN_bin2bn(kbuf, klen, shared_secret) == NULL)
124 fatal("%s: BN_bin2bn failed", __func__); 121 fatal("%s: BN_bin2bn failed", __func__);
125 memset(kbuf, 0, klen); 122 memset(kbuf, 0, klen);
126 xfree(kbuf); 123 free(kbuf);
127 124
128 /* calc and verify H */ 125 /* calc and verify H */
129 kex_ecdh_hash( 126 kex_ecdh_hash(
@@ -139,14 +136,14 @@ kexecdh_client(Kex *kex)
139 shared_secret, 136 shared_secret,
140 &hash, &hashlen 137 &hash, &hashlen
141 ); 138 );
142 xfree(server_host_key_blob); 139 free(server_host_key_blob);
143 EC_POINT_clear_free(server_public); 140 EC_POINT_clear_free(server_public);
144 EC_KEY_free(client_key); 141 EC_KEY_free(client_key);
145 142
146 if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1) 143 if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1)
147 fatal("key_verify failed for server_host_key"); 144 fatal("key_verify failed for server_host_key");
148 key_free(server_host_key); 145 key_free(server_host_key);
149 xfree(signature); 146 free(signature);
150 147
151 /* save session id */ 148 /* save session id */
152 if (kex->session_id == NULL) { 149 if (kex->session_id == NULL) {
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-02 15:14:23 +0000