* New upstream release (http://www.openssh.com/txt/release-6.3).

- sftp(1): add support for resuming partial downloads using the "reget" command and on the sftp commandline or on the "get" commandline using the "-a" (append) option (closes: #158590). - ssh(1): add an "IgnoreUnknown" configuration option to selectively suppress errors arising from unknown configuration directives (closes: #436052). - sftp(1): update progressmeter when data is acknowledged, not when it's sent (partially addresses #708372). - ssh(1): do not fatally exit when attempting to cleanup multiplexing- created channels that are incompletely opened (closes: #651357).
author: Colin Watson <cjwatson@debian.org> 2013-09-14 23:42:11 +0100
committer: Colin Watson <cjwatson@debian.org> 2013-09-14 23:42:11 +0100
commit: 327155e6824b3ee13837bdde04e4eb47e147ff46 (patch)
tree: 8f8743122403c7a2e6ed919156711fb1520c657f /kexecdhs.c
parent: 0334ce32304e9ba2a10ee5ca49ca6e8ff3ba6cf4 (diff)
parent: 74e339b8f8936bc0d985e053a076d0c9b5e9ea51 (diff)
1 files changed, 7 insertions, 14 deletions
diff --git a/kexecdhs.c b/kexecdhs.c
index 8c515dfa6..3a580aacf 100644
--- a/kexecdhs.c
+++ b/kexecdhs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexecdhs.c,v 1.2 2010/09/22 05:01:29 djm Exp $ */
+/* $OpenBSD: kexecdhs.c,v 1.5 2013/07/19 07:37:48 markus Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl.  All rights reserved.
 * Copyright (c) 2010 Damien Miller.  All rights reserved.
@@ -59,11 +59,8 @@ kexecdh_server(Kex *kex)
        u_char *server_host_key_blob = NULL, *signature = NULL;
        u_char *kbuf, *hash;
        u_int klen, slen, sbloblen, hashlen;
-        int curve_nid;
-        if ((curve_nid = kex_ecdh_name_to_nid(kex->name)) == -1)
+        if ((server_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL)
-                fatal("%s: unsupported ECDH curve \"%s\"", __func__, kex->name);
-        if ((server_key = EC_KEY_new_by_curve_name(curve_nid)) == NULL)
                fatal("%s: EC_KEY_new_by_curve_name failed", __func__);
        if (EC_KEY_generate_key(server_key) != 1)
                fatal("%s: EC_KEY_generate_key failed", __func__);
@@ -81,9 +78,6 @@ kexecdh_server(Kex *kex)
        if (server_host_public == NULL)
                fatal("Unsupported hostkey type %d", kex->hostkey_type);
        server_host_private = kex->load_host_private_key(kex->hostkey_type);
-        if (server_host_private == NULL)
-                fatal("Missing private key for hostkey type %d",
-                    kex->hostkey_type);
        debug("expecting SSH2_MSG_KEX_ECDH_INIT");
        packet_read_expect(SSH2_MSG_KEX_ECDH_INIT);
@@ -115,7 +109,7 @@ kexecdh_server(Kex *kex)
        if (BN_bin2bn(kbuf, klen, shared_secret) == NULL)
                fatal("%s: BN_bin2bn failed", __func__);
        memset(kbuf, 0, klen);
-        xfree(kbuf);
+        free(kbuf);
        /* calc H */
        key_to_blob(server_host_public, &server_host_key_blob, &sbloblen);
@@ -142,9 +136,8 @@ kexecdh_server(Kex *kex)
        }
        /* sign H */
-        if (PRIVSEP(key_sign(server_host_private, &signature, &slen,
+        kex->sign(server_host_private, server_host_public, &signature, &slen,
-            hash, hashlen)) < 0)
+            hash, hashlen);
-                fatal("kexdh_server: key_sign failed");
        /* destroy_sensitive_data(); */
@@ -155,8 +148,8 @@ kexecdh_server(Kex *kex)
        packet_put_string(signature, slen);
        packet_send();
-        xfree(signature);
+        free(signature);
-        xfree(server_host_key_blob);
+        free(server_host_key_blob);
        /* have keys, free server key */
        EC_KEY_free(server_key);
author	Colin Watson <cjwatson@debian.org>	2013-09-14 23:42:11 +0100
committer	Colin Watson <cjwatson@debian.org>	2013-09-14 23:42:11 +0100
commit	327155e6824b3ee13837bdde04e4eb47e147ff46 (patch)
tree	8f8743122403c7a2e6ed919156711fb1520c657f /kexecdhs.c
parent	0334ce32304e9ba2a10ee5ca49ca6e8ff3ba6cf4 (diff)
parent	74e339b8f8936bc0d985e053a076d0c9b5e9ea51 (diff)