aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas Schneider <asn@cryptomilk.org>2013-08-13 12:09:36 +0200
committerAndreas Schneider <asn@cryptomilk.org>2013-08-13 12:09:36 +0200
commitacbca6a56288991f37836f0be7f4a12e12947ea5 (patch)
tree23943177858ee4b0a52781dc475defd7cca3528c
parentfc8081cd066c077c24a63dcdf78817bd505f5425 (diff)
downloadlibssh-acbca6a56288991f37836f0be7f4a12e12947ea5.tar.gz
libssh-acbca6a56288991f37836f0be7f4a12e12947ea5.tar.xz
libssh-acbca6a56288991f37836f0be7f4a12e12947ea5.zip
ecdh: Refactor ecdh_build_k to check errors codes.
-rw-r--r--src/ecdh.c54
1 files changed, 40 insertions, 14 deletions
diff --git a/src/ecdh.c b/src/ecdh.c
index c9c5c329..3f065e7e 100644
--- a/src/ecdh.c
+++ b/src/ecdh.c
@@ -99,6 +99,7 @@ static int ecdh_build_k(ssh_session session) {
const EC_GROUP *group = EC_KEY_get0_group(session->next_crypto->ecdh_privkey);
EC_POINT *pubkey;
void *buffer;
+ int rc;
int len = (EC_GROUP_get_degree(group) + 7) / 8;
bignum_CTX ctx = bignum_ctx_new();
if (ctx == NULL) {
@@ -117,19 +118,48 @@ static int ecdh_build_k(ssh_session session) {
return -1;
}
- if (session->server)
- EC_POINT_oct2point(group,pubkey,ssh_string_data(session->next_crypto->ecdh_client_pubkey),
- ssh_string_len(session->next_crypto->ecdh_client_pubkey),ctx);
- else
- EC_POINT_oct2point(group,pubkey,ssh_string_data(session->next_crypto->ecdh_server_pubkey),
- ssh_string_len(session->next_crypto->ecdh_server_pubkey),ctx);
+ if (session->server) {
+ rc = EC_POINT_oct2point(group,
+ pubkey,
+ ssh_string_data(session->next_crypto->ecdh_client_pubkey),
+ ssh_string_len(session->next_crypto->ecdh_client_pubkey),
+ ctx);
+ } else {
+ rc = EC_POINT_oct2point(group,
+ pubkey,
+ ssh_string_data(session->next_crypto->ecdh_server_pubkey),
+ ssh_string_len(session->next_crypto->ecdh_server_pubkey),
+ ctx);
+ }
+ bignum_ctx_free(ctx);
+ if (rc <= 0) {
+ EC_POINT_clear_free(pubkey);
+ return -1;
+ }
+
buffer = malloc(len);
- ECDH_compute_key(buffer,len,pubkey,session->next_crypto->ecdh_privkey,NULL);
- EC_POINT_free(pubkey);
- BN_bin2bn(buffer,len,session->next_crypto->k);
+ if (buffer == NULL) {
+ EC_POINT_clear_free(pubkey);
+ return -1;
+ }
+
+ rc = ECDH_compute_key(buffer,
+ len,
+ pubkey,
+ session->next_crypto->ecdh_privkey,
+ NULL);
+ EC_POINT_clear_free(pubkey);
+ if (rc <= 0) {
+ free(buffer);
+ return -1;
+ }
+
+ BN_bin2bn(buffer, len, session->next_crypto->k);
free(buffer);
+
EC_KEY_free(session->next_crypto->ecdh_privkey);
- session->next_crypto->ecdh_privkey=NULL;
+ session->next_crypto->ecdh_privkey = NULL;
+
#ifdef DEBUG_CRYPTO
ssh_print_hexa("Session server cookie",
session->next_crypto->server_kex.cookie, 16);
@@ -138,10 +168,6 @@ static int ecdh_build_k(ssh_session session) {
ssh_print_bignum("Shared secret key", session->next_crypto->k);
#endif
-#ifdef HAVE_LIBCRYPTO
- bignum_ctx_free(ctx);
-#endif
-
return 0;
}