/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
Key *server_host_key;
DH *dh;
u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
Key *server_host_key;
DH *dh;
u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
- u_int sbloblen, klen, kout, slen, hashlen;
- int min = -1, max = -1, nbits = -1, type;
+ u_int sbloblen, klen, slen, hashlen;
+ int omin = -1, min = -1, omax = -1, max = -1, onbits = -1, nbits = -1;
+ int type, kout;
- min = packet_get_int();
- nbits = packet_get_int();
- max = packet_get_int();
+ omin = min = packet_get_int();
+ onbits = nbits = packet_get_int();
+ omax = max = packet_get_int();
min = MAX(DH_GRP_MIN, min);
max = MIN(DH_GRP_MAX, max);
min = MAX(DH_GRP_MIN, min);
max = MIN(DH_GRP_MAX, max);
/* Contact privileged parent */
dh = PRIVSEP(choose_dh(min, nbits, max));
/* Contact privileged parent */
dh = PRIVSEP(choose_dh(min, nbits, max));
- kout = DH_compute_key(kbuf, dh_client_pub, dh);
+ if ((kout = DH_compute_key(kbuf, dh_client_pub, dh)) < 0)
+ fatal("DH_compute_key: failed");
#ifdef DEBUG_KEXDH
dump_digest("shared secret", kbuf, kout);
#endif
if ((shared_secret = BN_new()) == NULL)
fatal("kexgex_server: BN_new failed");
#ifdef DEBUG_KEXDH
dump_digest("shared secret", kbuf, kout);
#endif
if ((shared_secret = BN_new()) == NULL)
fatal("kexgex_server: BN_new failed");
- BN_bin2bn(kbuf, kout, shared_secret);
+ if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
+ fatal("kexgex_server: BN_bin2bn failed");
memset(kbuf, 0, klen);
xfree(kbuf);
key_to_blob(server_host_key, &server_host_key_blob, &sbloblen);
if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD)
memset(kbuf, 0, klen);
xfree(kbuf);
key_to_blob(server_host_key, &server_host_key_blob, &sbloblen);
if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD)
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
buffer_ptr(&kex->my), buffer_len(&kex->my),
server_host_key_blob, sbloblen,
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
buffer_ptr(&kex->my), buffer_len(&kex->my),
server_host_key_blob, sbloblen,
- PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, hashlen));
+ if (PRIVSEP(key_sign(server_host_key, &signature, &slen, hash,
+ hashlen)) < 0)
+ fatal("kexgex_server: key_sign failed");
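Review bot: The new `omin`/`onbits`/`omax` copies taken at the three `packet_get_int()` calls carry no comment, and nothing in the visible lines uses them, so a reader cannot tell why the unclamped client values must survive the `MAX(DH_GRP_MIN, min)` / `MIN(DH_GRP_MAX, max)` clamping. If they are meant for the exchange hash (its min/nbits/max arguments are not among the lines shown, so this needs confirming), a comment above the assignments such as `/* keep the peer's original request: the hash must cover what the client sent, not our clamped range */` would stop a later cleanup from removing them and breaking key-exchange verification on the client side. No check that `min <= nbits <= max` after clamping is visible before `choose_dh(min, nbits, max)`; if the omitted lines do not already have one, it belongs there. Separately, `fatal("DH_compute_key: failed")` is the only new message without the `kexgex_server:` prefix used by the BN_new, BN_bin2bn and key_sign failures; `fatal("kexgex_server: DH_compute_key failed");` would keep log triage consistent. The enclosing function starts and ends outside the lines shown.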