diff options
author | Colin Watson <cjwatson@debian.org> | 2013-09-14 15:43:03 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2013-09-14 15:43:03 +0100 |
commit | 8faf8c84430cf3c19705b1d9f8889d256e7fd1fd (patch) | |
tree | e6cb74192adb00fda5e4d1457547851d7e0d86af /kexecdhc.c | |
parent | 328b60656f29db6306994d7498dede386ec2d1c3 (diff) | |
parent | c41345ad7ee5a22689e2c009595e85fa27b4b39a (diff) |
merge 6.3p1
Diffstat (limited to 'kexecdhc.c')
-rw-r--r-- | kexecdhc.c | 13 |
1 files changed, 5 insertions, 8 deletions
diff --git a/kexecdhc.c b/kexecdhc.c index 115d4bf83..6193836c7 100644 --- a/kexecdhc.c +++ b/kexecdhc.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexecdhc.c,v 1.2 2010/09/22 05:01:29 djm Exp $ */ | 1 | /* $OpenBSD: kexecdhc.c,v 1.4 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2010 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2010 Damien Miller. All rights reserved. |
@@ -57,11 +57,8 @@ kexecdh_client(Kex *kex) | |||
57 | u_char *server_host_key_blob = NULL, *signature = NULL; | 57 | u_char *server_host_key_blob = NULL, *signature = NULL; |
58 | u_char *kbuf, *hash; | 58 | u_char *kbuf, *hash; |
59 | u_int klen, slen, sbloblen, hashlen; | 59 | u_int klen, slen, sbloblen, hashlen; |
60 | int curve_nid; | ||
61 | 60 | ||
62 | if ((curve_nid = kex_ecdh_name_to_nid(kex->name)) == -1) | 61 | if ((client_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) |
63 | fatal("%s: unsupported ECDH curve \"%s\"", __func__, kex->name); | ||
64 | if ((client_key = EC_KEY_new_by_curve_name(curve_nid)) == NULL) | ||
65 | fatal("%s: EC_KEY_new_by_curve_name failed", __func__); | 62 | fatal("%s: EC_KEY_new_by_curve_name failed", __func__); |
66 | if (EC_KEY_generate_key(client_key) != 1) | 63 | if (EC_KEY_generate_key(client_key) != 1) |
67 | fatal("%s: EC_KEY_generate_key failed", __func__); | 64 | fatal("%s: EC_KEY_generate_key failed", __func__); |
@@ -123,7 +120,7 @@ kexecdh_client(Kex *kex) | |||
123 | if (BN_bin2bn(kbuf, klen, shared_secret) == NULL) | 120 | if (BN_bin2bn(kbuf, klen, shared_secret) == NULL) |
124 | fatal("%s: BN_bin2bn failed", __func__); | 121 | fatal("%s: BN_bin2bn failed", __func__); |
125 | memset(kbuf, 0, klen); | 122 | memset(kbuf, 0, klen); |
126 | xfree(kbuf); | 123 | free(kbuf); |
127 | 124 | ||
128 | /* calc and verify H */ | 125 | /* calc and verify H */ |
129 | kex_ecdh_hash( | 126 | kex_ecdh_hash( |
@@ -139,14 +136,14 @@ kexecdh_client(Kex *kex) | |||
139 | shared_secret, | 136 | shared_secret, |
140 | &hash, &hashlen | 137 | &hash, &hashlen |
141 | ); | 138 | ); |
142 | xfree(server_host_key_blob); | 139 | free(server_host_key_blob); |
143 | EC_POINT_clear_free(server_public); | 140 | EC_POINT_clear_free(server_public); |
144 | EC_KEY_free(client_key); | 141 | EC_KEY_free(client_key); |
145 | 142 | ||
146 | if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1) | 143 | if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1) |
147 | fatal("key_verify failed for server_host_key"); | 144 | fatal("key_verify failed for server_host_key"); |
148 | key_free(server_host_key); | 145 | key_free(server_host_key); |
149 | xfree(signature); | 146 | free(signature); |
150 | 147 | ||
151 | /* save session id */ | 148 | /* save session id */ |
152 | if (kex->session_id == NULL) { | 149 | if (kex->session_id == NULL) { |