- markus@cvs.openbsd.org 2006/10/31 16:33:12

     [kexdhc.c kexdhs.c kexgexc.c kexgexs.c]
     check DH_compute_key() for -1 even if it should not happen because of
     earlier calls to dh_pub_is_valid(); report krahmer at suse.de; ok djm

diff --git a/ChangeLog b/ChangeLog
index 4804bc33845ef28a2ce8959df7ddd045f35e2337..967550065f8619ba208646c0a87ef4d023a22a7f 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,10 @@
    - otto@cvs.openbsd.org 2006/10/28 18:08:10
      [ssh.1]
      correct/expand example of usage of -w; ok jmc@ stevesk@
+   - markus@cvs.openbsd.org 2006/10/31 16:33:12
+     [kexdhc.c kexdhs.c kexgexc.c kexgexs.c]
+     check DH_compute_key() for -1 even if it should not happen because of
+     earlier calls to dh_pub_is_valid(); report krahmer at suse.de; ok djm
 
 20061101
  - (dtucker) [openbsd-compat/port-solaris.c] Bug #1255: Make only hwerr

diff --git a/kexdhc.c b/kexdhc.c
index 64de7af3088476903f0d68eb9c380dc561f7aee2..61d54fdc2dac0028036fb822278f5d2cb9cbec78 100644 (file)
--- a/kexdhc.c
+++ b/kexdhc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexdhc.c,v 1.9 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: kexdhc.c,v 1.10 2006/10/31 16:33:12 markus Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
@@ -50,7 +50,8 @@ kexdh_client(Kex *kex)
        Key *server_host_key;
        u_char *server_host_key_blob = NULL, *signature = NULL;
        u_char *kbuf, *hash;
-       u_int klen, kout, slen, sbloblen, hashlen;
+       u_int klen, slen, sbloblen, hashlen;
+       int kout;
 
        /* generate and send 'e', client DH public key */
        switch (kex->kex_type) {
@@ -112,7 +113,8 @@ kexdh_client(Kex *kex)
 
        klen = DH_size(dh);
        kbuf = xmalloc(klen);
-       kout = DH_compute_key(kbuf, dh_server_pub, dh);
+       if ((kout = DH_compute_key(kbuf, dh_server_pub, dh)) < 0)
+               fatal("DH_compute_key: failed");
 #ifdef DEBUG_KEXDH
        dump_digest("shared secret", kbuf, kout);
 #endif

diff --git a/kexdhs.c b/kexdhs.c
index 93ec97f931ea839155508dcf004f833f806ca29f..5de43430979602c98ddb0311ac008d1f05b2a1d2 100644 (file)
--- a/kexdhs.c
+++ b/kexdhs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexdhs.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: kexdhs.c,v 1.8 2006/10/31 16:33:12 markus Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
@@ -52,8 +52,8 @@ kexdh_server(Kex *kex)
        DH *dh;
        Key *server_host_key;
        u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
-       u_int sbloblen, klen, kout, hashlen;
-       u_int slen;
+       u_int sbloblen, klen, hashlen, slen;
+       int kout;
 
        /* generate server DH public key */
        switch (kex->kex_type) {
@@ -101,7 +101,8 @@ kexdh_server(Kex *kex)
 
        klen = DH_size(dh);
        kbuf = xmalloc(klen);
-       kout = DH_compute_key(kbuf, dh_client_pub, dh);
+       if ((kout = DH_compute_key(kbuf, dh_client_pub, dh)) < 0)
+               fatal("DH_compute_key: failed");
 #ifdef DEBUG_KEXDH
        dump_digest("shared secret", kbuf, kout);
 #endif

diff --git a/kexgexc.c b/kexgexc.c
index 2c19713e11a75dde09d1f4e5779cb91ac0b8fef0..49d50116a4c598a197fb9d542b4a4b523a9b4c50 100644 (file)
--- a/kexgexc.c
+++ b/kexgexc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexc.c,v 1.9 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: kexgexc.c,v 1.10 2006/10/31 16:33:12 markus Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -51,7 +51,8 @@ kexgex_client(Kex *kex)
        BIGNUM *p = NULL, *g = NULL;
        Key *server_host_key;
        u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
-       u_int klen, kout, slen, sbloblen, hashlen;
+       u_int klen, slen, sbloblen, hashlen;
+       int kout;
        int min, max, nbits;
        DH *dh;
 
@@ -150,7 +151,8 @@ kexgex_client(Kex *kex)
 
        klen = DH_size(dh);
        kbuf = xmalloc(klen);
-       kout = DH_compute_key(kbuf, dh_server_pub, dh);
+       if ((kout = DH_compute_key(kbuf, dh_server_pub, dh)) < 0)
+               fatal("DH_compute_key: failed");
 #ifdef DEBUG_KEXDH
        dump_digest("shared secret", kbuf, kout);
 #endif

diff --git a/kexgexs.c b/kexgexs.c
index 5373a633a4dd4c9c66640743c61671624845081b..863e1517282d484156560ec693a30b969c22f0fc 100644 (file)
--- a/kexgexs.c
+++ b/kexgexs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexs.c,v 1.8 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: kexgexs.c,v 1.9 2006/10/31 16:33:12 markus Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -55,8 +55,8 @@ kexgex_server(Kex *kex)
        Key *server_host_key;
        DH *dh;
        u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
-       u_int sbloblen, klen, kout, slen, hashlen;
-       int min = -1, max = -1, nbits = -1, type;
+       u_int sbloblen, klen, slen, hashlen;
+       int min = -1, max = -1, nbits = -1, type, kout;
 
        if (kex->load_host_key == NULL)
                fatal("Cannot load hostkey");
@@ -134,7 +134,8 @@ kexgex_server(Kex *kex)
 
        klen = DH_size(dh);
        kbuf = xmalloc(klen);
-       kout = DH_compute_key(kbuf, dh_client_pub, dh);
+       if ((kout = DH_compute_key(kbuf, dh_client_pub, dh)) < 0)
+               fatal("DH_compute_key: failed");
 #ifdef DEBUG_KEXDH
        dump_digest("shared secret", kbuf, kout);
 #endif