1
1

ecdh: Refactor ecdh_build_k to check errors codes.

Этот коммит содержится в:
Andreas Schneider 2013-08-13 12:09:36 +02:00
родитель fc8081cd06
Коммит acbca6a562

Просмотреть файл

@ -99,6 +99,7 @@ static int ecdh_build_k(ssh_session session) {
const EC_GROUP *group = EC_KEY_get0_group(session->next_crypto->ecdh_privkey); const EC_GROUP *group = EC_KEY_get0_group(session->next_crypto->ecdh_privkey);
EC_POINT *pubkey; EC_POINT *pubkey;
void *buffer; void *buffer;
int rc;
int len = (EC_GROUP_get_degree(group) + 7) / 8; int len = (EC_GROUP_get_degree(group) + 7) / 8;
bignum_CTX ctx = bignum_ctx_new(); bignum_CTX ctx = bignum_ctx_new();
if (ctx == NULL) { if (ctx == NULL) {
@ -117,19 +118,48 @@ static int ecdh_build_k(ssh_session session) {
return -1; return -1;
} }
if (session->server) if (session->server) {
EC_POINT_oct2point(group,pubkey,ssh_string_data(session->next_crypto->ecdh_client_pubkey), rc = EC_POINT_oct2point(group,
ssh_string_len(session->next_crypto->ecdh_client_pubkey),ctx); pubkey,
else ssh_string_data(session->next_crypto->ecdh_client_pubkey),
EC_POINT_oct2point(group,pubkey,ssh_string_data(session->next_crypto->ecdh_server_pubkey), ssh_string_len(session->next_crypto->ecdh_client_pubkey),
ssh_string_len(session->next_crypto->ecdh_server_pubkey),ctx); ctx);
} else {
rc = EC_POINT_oct2point(group,
pubkey,
ssh_string_data(session->next_crypto->ecdh_server_pubkey),
ssh_string_len(session->next_crypto->ecdh_server_pubkey),
ctx);
}
bignum_ctx_free(ctx);
if (rc <= 0) {
EC_POINT_clear_free(pubkey);
return -1;
}
buffer = malloc(len); buffer = malloc(len);
ECDH_compute_key(buffer,len,pubkey,session->next_crypto->ecdh_privkey,NULL); if (buffer == NULL) {
EC_POINT_free(pubkey); EC_POINT_clear_free(pubkey);
BN_bin2bn(buffer,len,session->next_crypto->k); return -1;
}
rc = ECDH_compute_key(buffer,
len,
pubkey,
session->next_crypto->ecdh_privkey,
NULL);
EC_POINT_clear_free(pubkey);
if (rc <= 0) {
free(buffer); free(buffer);
return -1;
}
BN_bin2bn(buffer, len, session->next_crypto->k);
free(buffer);
EC_KEY_free(session->next_crypto->ecdh_privkey); EC_KEY_free(session->next_crypto->ecdh_privkey);
session->next_crypto->ecdh_privkey=NULL; session->next_crypto->ecdh_privkey = NULL;
#ifdef DEBUG_CRYPTO #ifdef DEBUG_CRYPTO
ssh_print_hexa("Session server cookie", ssh_print_hexa("Session server cookie",
session->next_crypto->server_kex.cookie, 16); session->next_crypto->server_kex.cookie, 16);
@ -138,10 +168,6 @@ static int ecdh_build_k(ssh_session session) {
ssh_print_bignum("Shared secret key", session->next_crypto->k); ssh_print_bignum("Shared secret key", session->next_crypto->k);
#endif #endif
#ifdef HAVE_LIBCRYPTO
bignum_ctx_free(ctx);
#endif
return 0; return 0;
} }