diff options
| author | Matt Johnston <matt@ucc.asn.au> | 2006-07-07 09:28:32 +0000 |
|---|---|---|
| committer | Matt Johnston <matt@ucc.asn.au> | 2006-07-07 09:28:32 +0000 |
| commit | 60797cb25fec087ad38076fbf50dd813fb461166 (patch) | |
| tree | 1e6efbff90099d70622c7b680ca3ff6c453c95d6 | |
| parent | c9319fbef5b9c2dbf1f9c58b040e20d709c69fb0 (diff) | |
From Erik Hovland
- Check for valid cipher independently to starting encryption
- Use failure-checking m_mp_init for initialising mpint value
--HG--
extra : convert_revision : a72c49d2d031aa3b6fe34b61fd5ce0315f35ec72
| -rw-r--r-- | common-kex.c | 20 | ||||
| -rw-r--r-- | options.h | 4 |
2 files changed, 14 insertions, 10 deletions
diff --git a/common-kex.c b/common-kex.c index 5db8e52..af39d1a 100644 --- a/common-kex.c +++ b/common-kex.c @@ -262,6 +262,7 @@ void gen_new_keys() { hash_state hs; unsigned int C2S_keysize, S2C_keysize; char mactransletter, macrecvletter; /* Client or server specific */ + int recv_cipher = 0, trans_cipher = 0; TRACE(("enter gen_new_keys")) /* the dh_K and hash are the start of all hashes, we make use of that */ @@ -298,17 +299,20 @@ void gen_new_keys() { hashkeys(C2S_key, C2S_keysize, &hs, 'C'); hashkeys(S2C_key, S2C_keysize, &hs, 'D'); - if (cbc_start( - find_cipher(ses.newkeys->recv_algo_crypt->cipherdesc->name), - recv_IV, recv_key, + recv_cipher = find_cipher(ses.newkeys->recv_algo_crypt->cipherdesc->name); + if (recv_cipher < 0) + dropbear_exit("crypto error"); + + if (cbc_start(recv_cipher, recv_IV, recv_key, ses.newkeys->recv_algo_crypt->keysize, 0, &ses.newkeys->recv_symmetric_struct) != CRYPT_OK) { dropbear_exit("crypto error"); } - - if (cbc_start( - find_cipher(ses.newkeys->trans_algo_crypt->cipherdesc->name), - trans_IV, trans_key, + trans_cipher = find_cipher(ses.newkeys->trans_algo_crypt->cipherdesc->name); + if (trans_cipher < 0) + dropbear_exit("crypto error"); + + if (cbc_start(trans_cipher, trans_IV, trans_key, ses.newkeys->trans_algo_crypt->keysize, 0, &ses.newkeys->trans_symmetric_struct) != CRYPT_OK) { dropbear_exit("crypto error"); @@ -517,7 +521,7 @@ void kexdh_comb_key(mp_int *dh_pub_us, mp_int *dh_priv, mp_int *dh_pub_them, hash_state hs; /* read the prime and generator*/ - mp_init(&dh_p); + m_mp_init(&dh_p); bytes_to_mp(&dh_p, dh_p_val, DH_P_LEN); /* Check that dh_pub_them (dh_e or dh_f) is in the range [1, p-1] */ @@ -127,8 +127,8 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ * but there's an interface via a PAM module - don't bother using it otherwise. * You can't enable both PASSWORD and PAM. */ -#define ENABLE_SVR_PASSWORD_AUTH -/* #define ENABLE_SVR_PAM_AUTH */ /* requires ./configure --enable-pam */ +/*#define ENABLE_SVR_PASSWORD_AUTH*/ +#define ENABLE_SVR_PAM_AUTH #define ENABLE_SVR_PUBKEY_AUTH #define ENABLE_CLI_PASSWORD_AUTH |