-rw-r--r--ChangeLog7
-rw-r--r--auth-rsa.c10
-rw-r--r--bufbn.c12
-rw-r--r--dh.c6
-rw-r--r--kexdhc.c5
-rw-r--r--kexdhs.c5
-rw-r--r--kexgexc.c5
-rw-r--r--kexgexs.c5
-rw-r--r--key.c16
-rw-r--r--moduli.c52
-rw-r--r--rsa.c18
-rw-r--r--scard.c12
-rw-r--r--ssh-dss.c7
-rw-r--r--ssh-keygen.c5
-rw-r--r--sshconnect1.c22
-rw-r--r--sshd.c6
16 files changed, 120 insertions, 73 deletions
diff --git a/ChangeLog b/ChangeLog
index 9bbf02bed..8af3cf900 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,11 @@
120061107 120061107
2 - (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it 2 - (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it
3 if we absolutely need it. Pointed out by Corinna, ok djm@ 3 if we absolutely need it. Pointed out by Corinna, ok djm@
4 - (dtucker) OpenBSD CVS Sync
5 - markus@cvs.openbsd.org 2006/11/06 21:25:28
6 [auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c
7 ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c]
8 add missing checks for openssl return codes; with & ok djm@
4 9
520061105 1020061105
6 - (djm) OpenBSD CVS Sync 11 - (djm) OpenBSD CVS Sync
@@ -2592,4 +2597,4 @@
2592 OpenServer 6 and add osr5bigcrypt support so when someone migrates 2597 OpenServer 6 and add osr5bigcrypt support so when someone migrates
2593 passwords between UnixWare and OpenServer they will still work. OK dtucker@ 2598 passwords between UnixWare and OpenServer they will still work. OK dtucker@
2594 2599
2595$Id: ChangeLog,v 1.4584 2006/11/07 00:28:40 dtucker Exp $ 2600$Id: ChangeLog,v 1.4585 2006/11/07 12:14:41 dtucker Exp $
diff --git a/auth-rsa.c b/auth-rsa.c
index 8c43458b0..69f9a5896 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth-rsa.c,v 1.71 2006/08/03 03:34:41 deraadt Exp $ */ 1/* $OpenBSD: auth-rsa.c,v 1.72 2006/11/06 21:25:27 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -76,10 +76,12 @@ auth_rsa_generate_challenge(Key *key)
76 if ((challenge = BN_new()) == NULL) 76 if ((challenge = BN_new()) == NULL)
77 fatal("auth_rsa_generate_challenge: BN_new() failed"); 77 fatal("auth_rsa_generate_challenge: BN_new() failed");
78 /* Generate a random challenge. */ 78 /* Generate a random challenge. */
79 BN_rand(challenge, 256, 0, 0); 79 if (BN_rand(challenge, 256, 0, 0) == 0)
80 fatal("auth_rsa_generate_challenge: BN_rand failed");
80 if ((ctx = BN_CTX_new()) == NULL) 81 if ((ctx = BN_CTX_new()) == NULL)
81 fatal("auth_rsa_generate_challenge: BN_CTX_new() failed"); 82 fatal("auth_rsa_generate_challenge: BN_CTX_new failed");
82 BN_mod(challenge, challenge, key->rsa->n, ctx); 83 if (BN_mod(challenge, challenge, key->rsa->n, ctx) == 0)
84 fatal("auth_rsa_generate_challenge: BN_mod failed");
83 BN_CTX_free(ctx); 85 BN_CTX_free(ctx);
84 86
85 return challenge; 87 return challenge;
diff --git a/bufbn.c b/bufbn.c
index 6cf65d372..9706ba8a8 100644
--- a/bufbn.c
+++ b/bufbn.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: bufbn.c,v 1.3 2006/08/03 03:34:41 deraadt Exp $*/ 1/* $OpenBSD: bufbn.c,v 1.4 2006/11/06 21:25:28 markus Exp $*/
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -118,7 +118,10 @@ buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value)
118 return (-1); 118 return (-1);
119 } 119 }
120 bin = buffer_ptr(buffer); 120 bin = buffer_ptr(buffer);
121 BN_bin2bn(bin, bytes, value); 121 if (BN_bin2bn(bin, bytes, value) == NULL) {
122 error("buffer_get_bignum_ret: BN_bin2bn failed");
123 return (-1);
124 }
122 if (buffer_consume_ret(buffer, bytes) == -1) { 125 if (buffer_consume_ret(buffer, bytes) == -1) {
123 error("buffer_get_bignum_ret: buffer_consume failed"); 126 error("buffer_get_bignum_ret: buffer_consume failed");
124 return (-1); 127 return (-1);
@@ -202,7 +205,10 @@ buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value)
202 xfree(bin); 205 xfree(bin);
203 return (-1); 206 return (-1);
204 } 207 }
205 BN_bin2bn(bin, len, value); 208 if (BN_bin2bn(bin, len, value) == NULL) {
209 error("buffer_get_bignum2_ret: BN_bin2bn failed");
210 return (-1);
211 }
206 xfree(bin); 212 xfree(bin);
207 return (0); 213 return (0);
208} 214}
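Review bot: The new failure return in buffer_get_bignum2_ret leaks `bin`. The error path directly above it and the success path below both call `xfree(bin)`, but the added BN_bin2bn branch returns without it. Add `xfree(bin);` before that `return (-1);`. The matching check in buffer_get_bignum_ret is fine as written, because `bin` there is the pointer returned by buffer_ptr() rather than a separate buffer. The allocation of `bin` is outside the hunk, so this is inferred from the surrounding frees.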
diff --git a/dh.c b/dh.c
index f6ef05cf6..e708ff78b 100644
--- a/dh.c
+++ b/dh.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dh.c,v 1.42 2006/08/03 03:34:42 deraadt Exp $ */ 1/* $OpenBSD: dh.c,v 1.43 2006/11/06 21:25:28 markus Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Niels Provos. All rights reserved. 3 * Copyright (c) 2000 Niels Provos. All rights reserved.
4 * 4 *
@@ -254,9 +254,9 @@ dh_new_group_asc(const char *gen, const char *modulus)
254 if ((dh = DH_new()) == NULL) 254 if ((dh = DH_new()) == NULL)
255 fatal("dh_new_group_asc: DH_new"); 255 fatal("dh_new_group_asc: DH_new");
256 256
257 if (BN_hex2bn(&dh->p, modulus) == 0) 257 if (BN_hex2bn(&dh->p, modulus) == NULL)
258 fatal("BN_hex2bn p"); 258 fatal("BN_hex2bn p");
259 if (BN_hex2bn(&dh->g, gen) == 0) 259 if (BN_hex2bn(&dh->g, gen) == NULL)
260 fatal("BN_hex2bn g"); 260 fatal("BN_hex2bn g");
261 261
262 return (dh); 262 return (dh);
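Review bot: BN_hex2bn() returns an int (0 on failure), not a pointer, so changing the tests in dh_new_group_asc from `== 0` to `== NULL` compares an integer against a null pointer constant. The result is the same, but it draws a pointer/integer comparison warning wherever NULL is `(void *)0`, and it reads as if the function returned a BIGNUM pointer. moduli.c in this same commit checks `BN_hex2bn(&a, cp) == 0`. The two lines should stay `if (BN_hex2bn(&dh->p, modulus) == 0)` and `if (BN_hex2bn(&dh->g, gen) == 0)`.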
diff --git a/kexdhc.c b/kexdhc.c
index 61d54fdc2..d384c8052 100644
--- a/kexdhc.c
+++ b/kexdhc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexdhc.c,v 1.10 2006/10/31 16:33:12 markus Exp $ */ 1/* $OpenBSD: kexdhc.c,v 1.11 2006/11/06 21:25:28 markus Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -120,7 +120,8 @@ kexdh_client(Kex *kex)
120#endif 120#endif
121 if ((shared_secret = BN_new()) == NULL) 121 if ((shared_secret = BN_new()) == NULL)
122 fatal("kexdh_client: BN_new failed"); 122 fatal("kexdh_client: BN_new failed");
123 BN_bin2bn(kbuf, kout, shared_secret); 123 if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
124 fatal("kexdh_client: BN_bin2bn failed");
124 memset(kbuf, 0, klen); 125 memset(kbuf, 0, klen);
125 xfree(kbuf); 126 xfree(kbuf);
126 127
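Review bot: The added fatal() in kexdh_client sits ahead of `memset(kbuf, 0, klen)`, so when BN_bin2bn fails the buffer is never cleared before the process goes through its exit path. Judging by the destination name `shared_secret`, that buffer holds the raw key-exchange output. Recording the result first keeps the wipe unconditional: `ok = BN_bin2bn(kbuf, kout, shared_secret) != NULL;`, then the existing memset/xfree, then `if (!ok) fatal("kexdh_client: BN_bin2bn failed");`. The same ordering appears in kexdhs.c, kexgexc.c and kexgexs.c, and for `outbuf` in rsa_public_encrypt and rsa_private_decrypt in rsa.c. The function body continues outside the hunk, so whether fatal()'s cleanup would expose the buffer is not visible here.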
diff --git a/kexdhs.c b/kexdhs.c
index 5de434309..861708818 100644
--- a/kexdhs.c
+++ b/kexdhs.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexdhs.c,v 1.8 2006/10/31 16:33:12 markus Exp $ */ 1/* $OpenBSD: kexdhs.c,v 1.9 2006/11/06 21:25:28 markus Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -108,7 +108,8 @@ kexdh_server(Kex *kex)
108#endif 108#endif
109 if ((shared_secret = BN_new()) == NULL) 109 if ((shared_secret = BN_new()) == NULL)
110 fatal("kexdh_server: BN_new failed"); 110 fatal("kexdh_server: BN_new failed");
111 BN_bin2bn(kbuf, kout, shared_secret); 111 if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
112 fatal("kexdh_server: BN_bin2bn failed");
112 memset(kbuf, 0, klen); 113 memset(kbuf, 0, klen);
113 xfree(kbuf); 114 xfree(kbuf);
114 115
diff --git a/kexgexc.c b/kexgexc.c
index 49d50116a..adb973d5b 100644
--- a/kexgexc.c
+++ b/kexgexc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexgexc.c,v 1.10 2006/10/31 16:33:12 markus Exp $ */ 1/* $OpenBSD: kexgexc.c,v 1.11 2006/11/06 21:25:28 markus Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Niels Provos. All rights reserved. 3 * Copyright (c) 2000 Niels Provos. All rights reserved.
4 * Copyright (c) 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -158,7 +158,8 @@ kexgex_client(Kex *kex)
158#endif 158#endif
159 if ((shared_secret = BN_new()) == NULL) 159 if ((shared_secret = BN_new()) == NULL)
160 fatal("kexgex_client: BN_new failed"); 160 fatal("kexgex_client: BN_new failed");
161 BN_bin2bn(kbuf, kout, shared_secret); 161 if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
162 fatal("kexgex_client: BN_bin2bn failed");
162 memset(kbuf, 0, klen); 163 memset(kbuf, 0, klen);
163 xfree(kbuf); 164 xfree(kbuf);
164 165
diff --git a/kexgexs.c b/kexgexs.c
index 863e15172..a037f57f2 100644
--- a/kexgexs.c
+++ b/kexgexs.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexgexs.c,v 1.9 2006/10/31 16:33:12 markus Exp $ */ 1/* $OpenBSD: kexgexs.c,v 1.10 2006/11/06 21:25:28 markus Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Niels Provos. All rights reserved. 3 * Copyright (c) 2000 Niels Provos. All rights reserved.
4 * Copyright (c) 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -141,7 +141,8 @@ kexgex_server(Kex *kex)
141#endif 141#endif
142 if ((shared_secret = BN_new()) == NULL) 142 if ((shared_secret = BN_new()) == NULL)
143 fatal("kexgex_server: BN_new failed"); 143 fatal("kexgex_server: BN_new failed");
144 BN_bin2bn(kbuf, kout, shared_secret); 144 if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
145 fatal("kexgex_server: BN_bin2bn failed");
145 memset(kbuf, 0, klen); 146 memset(kbuf, 0, klen);
146 xfree(kbuf); 147 xfree(kbuf);
147 148
diff --git a/key.c b/key.c
index f3b3d6b94..93b2d41fe 100644
--- a/key.c
+++ b/key.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: key.c,v 1.67 2006/08/03 03:34:42 deraadt Exp $ */ 1/* $OpenBSD: key.c,v 1.68 2006/11/06 21:25:28 markus Exp $ */
2/* 2/*
3 * read_bignum(): 3 * read_bignum():
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -617,16 +617,18 @@ key_from_private(const Key *k)
617 switch (k->type) { 617 switch (k->type) {
618 case KEY_DSA: 618 case KEY_DSA:
619 n = key_new(k->type); 619 n = key_new(k->type);
620 BN_copy(n->dsa->p, k->dsa->p); 620 if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) ||
621 BN_copy(n->dsa->q, k->dsa->q); 621 (BN_copy(n->dsa->q, k->dsa->q) == NULL) ||
622 BN_copy(n->dsa->g, k->dsa->g); 622 (BN_copy(n->dsa->g, k->dsa->g) == NULL) ||
623 BN_copy(n->dsa->pub_key, k->dsa->pub_key); 623 (BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL))
624 fatal("key_from_private: BN_copy failed");
624 break; 625 break;
625 case KEY_RSA: 626 case KEY_RSA:
626 case KEY_RSA1: 627 case KEY_RSA1:
627 n = key_new(k->type); 628 n = key_new(k->type);
628 BN_copy(n->rsa->n, k->rsa->n); 629 if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) ||
629 BN_copy(n->rsa->e, k->rsa->e); 630 (BN_copy(n->rsa->e, k->rsa->e) == NULL))
631 fatal("key_from_private: BN_copy failed");
630 break; 632 break;
631 default: 633 default:
632 fatal("key_from_private: unknown type %d", k->type); 634 fatal("key_from_private: unknown type %d", k->type);
diff --git a/moduli.c b/moduli.c
index e18929bad..44e5ddfc0 100644
--- a/moduli.c
+++ b/moduli.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: moduli.c,v 1.18 2006/08/03 03:34:42 deraadt Exp $ */ 1/* $OpenBSD: moduli.c,v 1.19 2006/11/06 21:25:28 markus Exp $ */
2/* 2/*
3 * Copyright 1994 Phil Karn <karn@qualcomm.com> 3 * Copyright 1994 Phil Karn <karn@qualcomm.com>
4 * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com> 4 * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@@ -327,20 +327,26 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start)
327 327
328 /* validation check: count the number of primes tried */ 328 /* validation check: count the number of primes tried */
329 largetries = 0; 329 largetries = 0;
330 q = BN_new(); 330 if ((q = BN_new()) == NULL)
331 fatal("BN_new failed");
331 332
332 /* 333 /*
333 * Generate random starting point for subprime search, or use 334 * Generate random starting point for subprime search, or use
334 * specified parameter. 335 * specified parameter.
335 */ 336 */
336 largebase = BN_new(); 337 if ((largebase = BN_new()) == NULL)
337 if (start == NULL) 338 fatal("BN_new failed");
338 BN_rand(largebase, power, 1, 1); 339 if (start == NULL) {
339 else 340 if (BN_rand(largebase, power, 1, 1) == 0)
340 BN_copy(largebase, start); 341 fatal("BN_rand failed");
342 } else {
343 if (BN_copy(largebase, start) == NULL)
344 fatal("BN_copy: failed");
345 }
341 346
342 /* ensure odd */ 347 /* ensure odd */
343 BN_set_bit(largebase, 0); 348 if (BN_set_bit(largebase, 0) == 0)
349 fatal("BN_set_bit: failed");
344 350
345 time(&time_start); 351 time(&time_start);
346 352
@@ -424,8 +430,10 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start)
424 continue; /* Definitely composite, skip */ 430 continue; /* Definitely composite, skip */
425 431
426 debug2("test q = largebase+%u", 2 * j); 432 debug2("test q = largebase+%u", 2 * j);
427 BN_set_word(q, 2 * j); 433 if (BN_set_word(q, 2 * j) == 0)
428 BN_add(q, q, largebase); 434 fatal("BN_set_word failed");
435 if (BN_add(q, q, largebase) == 0)
436 fatal("BN_add failed");
429 if (qfileout(out, QTYPE_SOPHIE_GERMAIN, QTEST_SIEVE, 437 if (qfileout(out, QTYPE_SOPHIE_GERMAIN, QTEST_SIEVE,
430 largetries, (power - 1) /* MSB */, (0), q) == -1) { 438 largetries, (power - 1) /* MSB */, (0), q) == -1) {
431 ret = -1; 439 ret = -1;
@@ -470,9 +478,12 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
470 478
471 time(&time_start); 479 time(&time_start);
472 480
473 p = BN_new(); 481 if ((p = BN_new()) == NULL)
474 q = BN_new(); 482 fatal("BN_new failed");
475 ctx = BN_CTX_new(); 483 if ((q = BN_new()) == NULL)
484 fatal("BN_new failed");
485 if ((ctx = BN_CTX_new()) == NULL)
486 fatal("BN_CTX_new failed");
476 487
477 debug2("%.24s Final %u Miller-Rabin trials (%x generator)", 488 debug2("%.24s Final %u Miller-Rabin trials (%x generator)",
478 ctime(&time_start), trials, generator_wanted); 489 ctime(&time_start), trials, generator_wanted);
@@ -520,10 +531,13 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
520 case QTYPE_SOPHIE_GERMAIN: 531 case QTYPE_SOPHIE_GERMAIN:
521 debug2("%10u: (%u) Sophie-Germain", count_in, in_type); 532 debug2("%10u: (%u) Sophie-Germain", count_in, in_type);
522 a = q; 533 a = q;
523 BN_hex2bn(&a, cp); 534 if (BN_hex2bn(&a, cp) == 0)
535 fatal("BN_hex2bn failed");
524 /* p = 2*q + 1 */ 536 /* p = 2*q + 1 */
525 BN_lshift(p, q, 1); 537 if (BN_lshift(p, q, 1) == 0)
526 BN_add_word(p, 1); 538 fatal("BN_lshift failed");
539 if (BN_add_word(p, 1) == 0)
540 fatal("BN_add_word failed");
527 in_size += 1; 541 in_size += 1;
528 generator_known = 0; 542 generator_known = 0;
529 break; 543 break;
@@ -534,9 +548,11 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
534 case QTYPE_UNKNOWN: 548 case QTYPE_UNKNOWN:
535 debug2("%10u: (%u)", count_in, in_type); 549 debug2("%10u: (%u)", count_in, in_type);
536 a = p; 550 a = p;
537 BN_hex2bn(&a, cp); 551 if (BN_hex2bn(&a, cp) == 0)
552 fatal("BN_hex2bn failed");
538 /* q = (p-1) / 2 */ 553 /* q = (p-1) / 2 */
539 BN_rshift(q, p, 1); 554 if (BN_rshift(q, p, 1) == 0)
555 fatal("BN_rshift failed");
540 break; 556 break;
541 default: 557 default:
542 debug2("Unknown prime type"); 558 debug2("Unknown prime type");
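Review bot: The fatal() messages added in gen_candidates and prime_test do not name the calling function, unlike every other file in this commit (for example `"kexdh_client: BN_bin2bn failed"`). `fatal("BN_new failed")` now appears three times across the two functions, so a log line cannot be traced to a call site. The punctuation also varies: `"BN_copy: failed"` and `"BN_set_bit: failed"` against `"BN_rand failed"`. Suggested form: `fatal("gen_candidates: BN_new failed");` and `fatal("prime_test: BN_hex2bn failed");`, with the stray colon dropped from the BN_copy and BN_set_bit messages.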
diff --git a/rsa.c b/rsa.c
index 08cc82007..bec1d190b 100644
--- a/rsa.c
+++ b/rsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa.c,v 1.28 2006/08/03 03:34:42 deraadt Exp $ */ 1/* $OpenBSD: rsa.c,v 1.29 2006/11/06 21:25:28 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -91,7 +91,8 @@ rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key)
91 RSA_PKCS1_PADDING)) <= 0) 91 RSA_PKCS1_PADDING)) <= 0)
92 fatal("rsa_public_encrypt() failed"); 92 fatal("rsa_public_encrypt() failed");
93 93
94 BN_bin2bn(outbuf, len, out); 94 if (BN_bin2bn(outbuf, len, out) == NULL)
95 fatal("rsa_public_encrypt: BN_bin2bn failed");
95 96
96 memset(outbuf, 0, olen); 97 memset(outbuf, 0, olen);
97 memset(inbuf, 0, ilen); 98 memset(inbuf, 0, ilen);
@@ -116,7 +117,8 @@ rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key)
116 RSA_PKCS1_PADDING)) <= 0) { 117 RSA_PKCS1_PADDING)) <= 0) {
117 error("rsa_private_decrypt() failed"); 118 error("rsa_private_decrypt() failed");
118 } else { 119 } else {
119 BN_bin2bn(outbuf, len, out); 120 if (BN_bin2bn(outbuf, len, out) == NULL)
121 fatal("rsa_private_decrypt: BN_bin2bn failed");
120 } 122 }
121 memset(outbuf, 0, olen); 123 memset(outbuf, 0, olen);
122 memset(inbuf, 0, ilen); 124 memset(inbuf, 0, ilen);
@@ -137,11 +139,11 @@ rsa_generate_additional_parameters(RSA *rsa)
137 if ((ctx = BN_CTX_new()) == NULL) 139 if ((ctx = BN_CTX_new()) == NULL)
138 fatal("rsa_generate_additional_parameters: BN_CTX_new failed"); 140 fatal("rsa_generate_additional_parameters: BN_CTX_new failed");
139 141
140 BN_sub(aux, rsa->q, BN_value_one()); 142 if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) ||
141 BN_mod(rsa->dmq1, rsa->d, aux, ctx); 143 (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) ||
142 144 (BN_sub(aux, rsa->p, BN_value_one()) == 0) ||
143 BN_sub(aux, rsa->p, BN_value_one()); 145 (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0))
144 BN_mod(rsa->dmp1, rsa->d, aux, ctx); 146 fatal("rsa_generate_additional_parameters: BN_sub/mod failed");
145 147
146 BN_clear_free(aux); 148 BN_clear_free(aux);
147 BN_CTX_free(ctx); 149 BN_CTX_free(ctx);
diff --git a/scard.c b/scard.c
index 328655edd..9fd3ca1b4 100644
--- a/scard.c
+++ b/scard.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: scard.c,v 1.35 2006/08/03 03:34:42 deraadt Exp $ */ 1/* $OpenBSD: scard.c,v 1.36 2006/11/06 21:25:28 markus Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -391,15 +391,17 @@ sc_get_keys(const char *id, const char *pin)
391 keys = xcalloc((nkeys+1), sizeof(Key *)); 391 keys = xcalloc((nkeys+1), sizeof(Key *));
392 392
393 n = key_new(KEY_RSA1); 393 n = key_new(KEY_RSA1);
394 BN_copy(n->rsa->n, k->rsa->n); 394 if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) ||
395 BN_copy(n->rsa->e, k->rsa->e); 395 (BN_copy(n->rsa->e, k->rsa->e) == NULL))
396 fatal("sc_get_keys: BN_copy failed");
396 RSA_set_method(n->rsa, sc_get_rsa()); 397 RSA_set_method(n->rsa, sc_get_rsa());
397 n->flags |= KEY_FLAG_EXT; 398 n->flags |= KEY_FLAG_EXT;
398 keys[0] = n; 399 keys[0] = n;
399 400
400 n = key_new(KEY_RSA); 401 n = key_new(KEY_RSA);
401 BN_copy(n->rsa->n, k->rsa->n); 402 if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) ||
402 BN_copy(n->rsa->e, k->rsa->e); 403 (BN_copy(n->rsa->e, k->rsa->e) == NULL))
404 fatal("sc_get_keys: BN_copy failed");
403 RSA_set_method(n->rsa, sc_get_rsa()); 405 RSA_set_method(n->rsa, sc_get_rsa());
404 n->flags |= KEY_FLAG_EXT; 406 n->flags |= KEY_FLAG_EXT;
405 keys[1] = n; 407 keys[1] = n;
diff --git a/ssh-dss.c b/ssh-dss.c
index fbc078e84..51a06e98f 100644
--- a/ssh-dss.c
+++ b/ssh-dss.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-dss.c,v 1.23 2006/08/03 03:34:42 deraadt Exp $ */ 1/* $OpenBSD: ssh-dss.c,v 1.24 2006/11/06 21:25:28 markus Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -161,8 +161,9 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
161 fatal("ssh_dss_verify: BN_new failed"); 161 fatal("ssh_dss_verify: BN_new failed");
162 if ((sig->s = BN_new()) == NULL) 162 if ((sig->s = BN_new()) == NULL)
163 fatal("ssh_dss_verify: BN_new failed"); 163 fatal("ssh_dss_verify: BN_new failed");
164 BN_bin2bn(sigblob, INTBLOB_LEN, sig->r); 164 if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) ||
165 BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s); 165 (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL))
166 fatal("ssh_dss_verify: BN_bin2bn failed");
166 167
167 /* clean up */ 168 /* clean up */
168 memset(sigblob, 0, len); 169 memset(sigblob, 0, len);
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 969bd2359..1f42b9358 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keygen.c,v 1.154 2006/08/03 03:34:42 deraadt Exp $ */ 1/* $OpenBSD: ssh-keygen.c,v 1.155 2006/11/06 21:25:28 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -222,7 +222,8 @@ buffer_get_bignum_bits(Buffer *b, BIGNUM *value)
222 if (buffer_len(b) < bytes) 222 if (buffer_len(b) < bytes)
223 fatal("buffer_get_bignum_bits: input buffer too small: " 223 fatal("buffer_get_bignum_bits: input buffer too small: "
224 "need %d have %d", bytes, buffer_len(b)); 224 "need %d have %d", bytes, buffer_len(b));
225 BN_bin2bn(buffer_ptr(b), bytes, value); 225 if (BN_bin2bn(buffer_ptr(b), bytes, value) == NULL)
226 fatal("buffer_get_bignum_bits: BN_bin2bn failed");
226 buffer_consume(b, bytes); 227 buffer_consume(b, bytes);
227} 228}
228 229
diff --git a/sshconnect1.c b/sshconnect1.c
index 90fcb344f..fd07bbf74 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshconnect1.c,v 1.69 2006/08/03 03:34:42 deraadt Exp $ */ 1/* $OpenBSD: sshconnect1.c,v 1.70 2006/11/06 21:25:28 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -563,14 +563,20 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
563 * the first 16 bytes of the session id. 563 * the first 16 bytes of the session id.
564 */ 564 */
565 if ((key = BN_new()) == NULL) 565 if ((key = BN_new()) == NULL)
566 fatal("respond_to_rsa_challenge: BN_new failed"); 566 fatal("ssh_kex: BN_new failed");
567 BN_set_word(key, 0); 567 if (BN_set_word(key, 0) == 0)
568 fatal("ssh_kex: BN_set_word failed");
568 for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) { 569 for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) {
569 BN_lshift(key, key, 8); 570 if (BN_lshift(key, key, 8) == 0)
570 if (i < 16) 571 fatal("ssh_kex: BN_lshift failed");
571 BN_add_word(key, session_key[i] ^ session_id[i]); 572 if (i < 16) {
572 else 573 if (BN_add_word(key, session_key[i] ^ session_id[i])
573 BN_add_word(key, session_key[i]); 574 == 0)
575 fatal("ssh_kex: BN_add_word failed");
576 } else {
577 if (BN_add_word(key, session_key[i]) == 0)
578 fatal("ssh_kex: BN_add_word failed");
579 }
574 } 580 }
575 581
576 /* 582 /*
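Review bot: The two BN_add_word branches in the ssh_kex loop now carry an identical check and an identical fatal message, which doubles the error handling for a difference of one operand. Selecting the word first leaves a single call to check: `if (BN_add_word(key, i < 16 ? session_key[i] ^ session_id[i] : session_key[i]) == 0)` followed by `fatal("ssh_kex: BN_add_word failed");`. ssh_kex starts and ends outside this hunk.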
diff --git a/sshd.c b/sshd.c
index a5fa9e4eb..4aa1c98ed 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshd.c,v 1.347 2006/08/18 09:15:20 markus Exp $ */ 1/* $OpenBSD: sshd.c,v 1.348 2006/11/06 21:25:28 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2013,10 +2013,10 @@ do_ssh1_kex(void)
2013 * key is in the highest bits. 2013 * key is in the highest bits.
2014 */ 2014 */
2015 if (!rsafail) { 2015 if (!rsafail) {
2016 BN_mask_bits(session_key_int, sizeof(session_key) * 8); 2016 (void) BN_mask_bits(session_key_int, sizeof(session_key) * 8);
2017 len = BN_num_bytes(session_key_int); 2017 len = BN_num_bytes(session_key_int);
2018 if (len < 0 || (u_int)len > sizeof(session_key)) { 2018 if (len < 0 || (u_int)len > sizeof(session_key)) {
2019 error("do_connection: bad session key len from %s: " 2019 error("do_ssh1_kex: bad session key len from %s: "
2020 "session_key_int %d > sizeof(session_key) %lu", 2020 "session_key_int %d > sizeof(session_key) %lu",
2021 get_remote_ipaddr(), len, (u_long)sizeof(session_key)); 2021 get_remote_ipaddr(), len, (u_long)sizeof(session_key));
2022 rsafail++; 2022 rsafail++;
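Review bot: The `(void)` cast on BN_mask_bits in do_ssh1_kex discards the return value without saying why, and it is the one call in this commit left deliberately unchecked. BN_mask_bits returns 0 when the number is already shorter than the requested bit count, which is an ordinary case here, so treating 0 as fatal would be wrong. A comment above the call would record that: `/* returns 0 if the value is already shorter than the mask; not an error, len is range-checked below */`. do_ssh1_kex continues outside the hunk.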