summaryrefslogtreecommitdiff
path: root/kexecdhs.c
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2013-09-14 15:43:03 +0100
committerColin Watson <cjwatson@debian.org>2013-09-14 15:43:03 +0100
commit8faf8c84430cf3c19705b1d9f8889d256e7fd1fd (patch)
treee6cb74192adb00fda5e4d1457547851d7e0d86af /kexecdhs.c
parent328b60656f29db6306994d7498dede386ec2d1c3 (diff)
parentc41345ad7ee5a22689e2c009595e85fa27b4b39a (diff)
merge 6.3p1
Diffstat (limited to 'kexecdhs.c')
-rw-r--r--kexecdhs.c21
1 files changed, 7 insertions, 14 deletions
diff --git a/kexecdhs.c b/kexecdhs.c
index 8c515dfa6..3a580aacf 100644
--- a/kexecdhs.c
+++ b/kexecdhs.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexecdhs.c,v 1.2 2010/09/22 05:01:29 djm Exp $ */ 1/* $OpenBSD: kexecdhs.c,v 1.5 2013/07/19 07:37:48 markus Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * Copyright (c) 2010 Damien Miller. All rights reserved. 4 * Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -59,11 +59,8 @@ kexecdh_server(Kex *kex)
59 u_char *server_host_key_blob = NULL, *signature = NULL; 59 u_char *server_host_key_blob = NULL, *signature = NULL;
60 u_char *kbuf, *hash; 60 u_char *kbuf, *hash;
61 u_int klen, slen, sbloblen, hashlen; 61 u_int klen, slen, sbloblen, hashlen;
62 int curve_nid;
63 62
64 if ((curve_nid = kex_ecdh_name_to_nid(kex->name)) == -1) 63 if ((server_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL)
65 fatal("%s: unsupported ECDH curve \"%s\"", __func__, kex->name);
66 if ((server_key = EC_KEY_new_by_curve_name(curve_nid)) == NULL)
67 fatal("%s: EC_KEY_new_by_curve_name failed", __func__); 64 fatal("%s: EC_KEY_new_by_curve_name failed", __func__);
68 if (EC_KEY_generate_key(server_key) != 1) 65 if (EC_KEY_generate_key(server_key) != 1)
69 fatal("%s: EC_KEY_generate_key failed", __func__); 66 fatal("%s: EC_KEY_generate_key failed", __func__);
@@ -81,9 +78,6 @@ kexecdh_server(Kex *kex)
81 if (server_host_public == NULL) 78 if (server_host_public == NULL)
82 fatal("Unsupported hostkey type %d", kex->hostkey_type); 79 fatal("Unsupported hostkey type %d", kex->hostkey_type);
83 server_host_private = kex->load_host_private_key(kex->hostkey_type); 80 server_host_private = kex->load_host_private_key(kex->hostkey_type);
84 if (server_host_private == NULL)
85 fatal("Missing private key for hostkey type %d",
86 kex->hostkey_type);
87 81
88 debug("expecting SSH2_MSG_KEX_ECDH_INIT"); 82 debug("expecting SSH2_MSG_KEX_ECDH_INIT");
89 packet_read_expect(SSH2_MSG_KEX_ECDH_INIT); 83 packet_read_expect(SSH2_MSG_KEX_ECDH_INIT);
@@ -115,7 +109,7 @@ kexecdh_server(Kex *kex)
115 if (BN_bin2bn(kbuf, klen, shared_secret) == NULL) 109 if (BN_bin2bn(kbuf, klen, shared_secret) == NULL)
116 fatal("%s: BN_bin2bn failed", __func__); 110 fatal("%s: BN_bin2bn failed", __func__);
117 memset(kbuf, 0, klen); 111 memset(kbuf, 0, klen);
118 xfree(kbuf); 112 free(kbuf);
119 113
120 /* calc H */ 114 /* calc H */
121 key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); 115 key_to_blob(server_host_public, &server_host_key_blob, &sbloblen);
@@ -142,9 +136,8 @@ kexecdh_server(Kex *kex)
142 } 136 }
143 137
144 /* sign H */ 138 /* sign H */
145 if (PRIVSEP(key_sign(server_host_private, &signature, &slen, 139 kex->sign(server_host_private, server_host_public, &signature, &slen,
146 hash, hashlen)) < 0) 140 hash, hashlen);
147 fatal("kexdh_server: key_sign failed");
148 141
149 /* destroy_sensitive_data(); */ 142 /* destroy_sensitive_data(); */
150 143
@@ -155,8 +148,8 @@ kexecdh_server(Kex *kex)
155 packet_put_string(signature, slen); 148 packet_put_string(signature, slen);
156 packet_send(); 149 packet_send();
157 150
158 xfree(signature); 151 free(signature);
159 xfree(server_host_key_blob); 152 free(server_host_key_blob);
160 /* have keys, free server key */ 153 /* have keys, free server key */
161 EC_KEY_free(server_key); 154 EC_KEY_free(server_key);
162 155