ecdh: fix SSH_MSG_KEXDH_REPLY for mbedTLS

Ensure to provide the `ssh_string` pubkey blob to the buffer packing routine when computing the SSH_MSG_KEXDH_REPLY message, rather than the new `ssh_key` type. Introduced with 16217454d576511f37f39c3169963629f9d5082f. Testing done: with this change, the `pkd_hello` test is passing on a mbedTLS build for me. Previously it would segfault during pubkey exchange with "ecdh-sha2-nistp256". Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-05-25 03:39:21 -07:00 · 2018-05-25 03:39:21 -07:00 · 448de134ac
--- a/src/ecdh_mbedcrypto.c
+++ b/src/ecdh_mbedcrypto.c
@ -181,6 +181,7 @@ int ssh_server_ecdh_init(ssh_session session, ssh_buffer packet)
    mbedtls_ecp_group grp;
    ssh_key privkey = NULL;
    ssh_string sig_blob = NULL;
+    ssh_string pubkey_blob = NULL;
    int rc;
    mbedtls_ecp_group_id curve;

@ -256,12 +257,21 @@ int ssh_server_ecdh_init(ssh_session session, ssh_buffer packet)
        goto out;
    }

+    rc = ssh_dh_get_next_server_publickey_blob(session, &pubkey_blob);
+    if (rc != SSH_OK) {
+        ssh_set_error(session, SSH_FATAL, "Could not export server public key");
+        ssh_string_free(sig_blob);
+        goto out;
+    }
+
    rc = ssh_buffer_pack(session->out_buffer, "bSSS",
-            SSH2_MSG_KEXDH_REPLY, session->next_crypto->server_pubkey,
-            q_s_string,
-            sig_blob);
+                         SSH2_MSG_KEXDH_REPLY,
+                         pubkey_blob, /* host's pubkey */
+                         q_s_string, /* ecdh public key */
+                         sig_blob); /* signature blob */

    ssh_string_free(sig_blob);
+    ssh_string_free(pubkey_blob);

    if (rc != SSH_OK) {
        ssh_set_error_oom(session);