ecdh: Refactor ecdh_build_k to check errors codes.
Этот коммит содержится в:
родитель
fc8081cd06
Коммит
acbca6a562
54
src/ecdh.c
54
src/ecdh.c
@ -99,6 +99,7 @@ static int ecdh_build_k(ssh_session session) {
|
|||||||
const EC_GROUP *group = EC_KEY_get0_group(session->next_crypto->ecdh_privkey);
|
const EC_GROUP *group = EC_KEY_get0_group(session->next_crypto->ecdh_privkey);
|
||||||
EC_POINT *pubkey;
|
EC_POINT *pubkey;
|
||||||
void *buffer;
|
void *buffer;
|
||||||
|
int rc;
|
||||||
int len = (EC_GROUP_get_degree(group) + 7) / 8;
|
int len = (EC_GROUP_get_degree(group) + 7) / 8;
|
||||||
bignum_CTX ctx = bignum_ctx_new();
|
bignum_CTX ctx = bignum_ctx_new();
|
||||||
if (ctx == NULL) {
|
if (ctx == NULL) {
|
||||||
@ -117,19 +118,48 @@ static int ecdh_build_k(ssh_session session) {
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (session->server)
|
if (session->server) {
|
||||||
EC_POINT_oct2point(group,pubkey,ssh_string_data(session->next_crypto->ecdh_client_pubkey),
|
rc = EC_POINT_oct2point(group,
|
||||||
ssh_string_len(session->next_crypto->ecdh_client_pubkey),ctx);
|
pubkey,
|
||||||
else
|
ssh_string_data(session->next_crypto->ecdh_client_pubkey),
|
||||||
EC_POINT_oct2point(group,pubkey,ssh_string_data(session->next_crypto->ecdh_server_pubkey),
|
ssh_string_len(session->next_crypto->ecdh_client_pubkey),
|
||||||
ssh_string_len(session->next_crypto->ecdh_server_pubkey),ctx);
|
ctx);
|
||||||
|
} else {
|
||||||
|
rc = EC_POINT_oct2point(group,
|
||||||
|
pubkey,
|
||||||
|
ssh_string_data(session->next_crypto->ecdh_server_pubkey),
|
||||||
|
ssh_string_len(session->next_crypto->ecdh_server_pubkey),
|
||||||
|
ctx);
|
||||||
|
}
|
||||||
|
bignum_ctx_free(ctx);
|
||||||
|
if (rc <= 0) {
|
||||||
|
EC_POINT_clear_free(pubkey);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
buffer = malloc(len);
|
buffer = malloc(len);
|
||||||
ECDH_compute_key(buffer,len,pubkey,session->next_crypto->ecdh_privkey,NULL);
|
if (buffer == NULL) {
|
||||||
EC_POINT_free(pubkey);
|
EC_POINT_clear_free(pubkey);
|
||||||
BN_bin2bn(buffer,len,session->next_crypto->k);
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
rc = ECDH_compute_key(buffer,
|
||||||
|
len,
|
||||||
|
pubkey,
|
||||||
|
session->next_crypto->ecdh_privkey,
|
||||||
|
NULL);
|
||||||
|
EC_POINT_clear_free(pubkey);
|
||||||
|
if (rc <= 0) {
|
||||||
free(buffer);
|
free(buffer);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
BN_bin2bn(buffer, len, session->next_crypto->k);
|
||||||
|
free(buffer);
|
||||||
|
|
||||||
EC_KEY_free(session->next_crypto->ecdh_privkey);
|
EC_KEY_free(session->next_crypto->ecdh_privkey);
|
||||||
session->next_crypto->ecdh_privkey=NULL;
|
session->next_crypto->ecdh_privkey = NULL;
|
||||||
|
|
||||||
#ifdef DEBUG_CRYPTO
|
#ifdef DEBUG_CRYPTO
|
||||||
ssh_print_hexa("Session server cookie",
|
ssh_print_hexa("Session server cookie",
|
||||||
session->next_crypto->server_kex.cookie, 16);
|
session->next_crypto->server_kex.cookie, 16);
|
||||||
@ -138,10 +168,6 @@ static int ecdh_build_k(ssh_session session) {
|
|||||||
ssh_print_bignum("Shared secret key", session->next_crypto->k);
|
ssh_print_bignum("Shared secret key", session->next_crypto->k);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef HAVE_LIBCRYPTO
|
|
||||||
bignum_ctx_free(ctx);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Загрузка…
Ссылка в новой задаче
Block a user