-rw-r--r--common-kex.c10
-rw-r--r--ecc.c22
2 files changed, 8 insertions, 24 deletions
diff --git a/common-kex.c b/common-kex.c
index 1543fb8..729b5d8 100644
--- a/common-kex.c
+++ b/common-kex.c
@@ -304,7 +304,7 @@ void gen_new_keys() {
hash_process_mp(hashdesc, &hs, ses.dh_K);
mp_clear(ses.dh_K);
m_free(ses.dh_K);
- sha1_process(&hs, ses.hash->data, ses.hash->len);
+ hashdesc->process(&hs, ses.hash->data, ses.hash->len);
buf_burn(ses.hash);
buf_free(ses.hash);
ses.hash = NULL;
@@ -659,11 +659,9 @@ void free_kexecdh_param(struct kex_ecdh_param *param) {
void kexecdh_comb_key(struct kex_ecdh_param *param, buffer *pub_them,
sign_key *hostkey) {
const struct dropbear_kex *algo_kex = ses.newkeys->algo_kex;
- hash_state hs;
// public keys from client and server
ecc_key *Q_C, *Q_S, *Q_them;
- // XXX load Q_them
Q_them = buf_get_ecc_pubkey(pub_them, algo_kex->ecc_curve);
ses.dh_K = dropbear_ecc_shared_secret(Q_them, &param->key);
@@ -689,12 +687,6 @@ void kexecdh_comb_key(struct kex_ecdh_param *param, buffer *pub_them,
buf_putmpint(ses.kexhashbuf, ses.dh_K);
/* calculate the hash H to sign */
- algo_kex->hashdesc->init(&hs);
- buf_setpos(ses.kexhashbuf, 0);
- algo_kex->hashdesc->process(&hs, buf_getptr(ses.kexhashbuf, ses.kexhashbuf->len),
- ses.kexhashbuf->len);
-
- /* calculate the hash H to sign */
finish_kexhashbuf();
}
#endif
diff --git a/ecc.c b/ecc.c
index fc5ea9d..de893f2 100644
--- a/ecc.c
+++ b/ecc.c
@@ -181,17 +181,6 @@ mp_int * dropbear_ecc_shared_secret(ecc_key *public_key, ecc_key *private_key)
goto done;
}
-#if 0
- // XXX - possibly not neccessary tests?
- if (ltc_ecc_is_valid_idx(private_key->idx) == 0 || ltc_ecc_is_valid_idx(public_key->idx) == 0) {
- goto done;
- }
-
- if (XSTRCMP(private_key->dp->name, public_key->dp->name) != 0) {
- goto done;
- }
-#endif
-
/* make new point */
result = ltc_ecc_new_point();
if (result == NULL) {
@@ -211,20 +200,23 @@ mp_int * dropbear_ecc_shared_secret(ecc_key *public_key, ecc_key *private_key)
err = DROPBEAR_SUCCESS;
done:
if (err == DROPBEAR_SUCCESS) {
- shared_secret = prime;
- prime = NULL;
+ shared_secret = m_malloc(sizeof(*shared_secret));
+ m_mp_init(shared_secret);
+ mp_copy(result->x, shared_secret);
}
if (prime) {
mp_clear(prime);
m_free(prime);
}
- ltc_ecc_del_point(result);
+ if (result)
+ {
+ ltc_ecc_del_point(result);
+ }
if (err == DROPBEAR_FAILURE) {
dropbear_exit("ECC error");
}
-
return shared_secret;
}
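Review bot: The return value of `mp_copy(result->x, shared_secret)` in the success branch after `done:` is ignored, so a failed copy (for example on allocation failure inside the bignum library) would still return the freshly initialised `shared_secret`, presumably zero, as the ECDH secret K. A predictable K feeding the exchange hash and key derivation is the failure mode to rule out here, so a failed copy should be treated as fatal: `if (mp_copy(result->x, shared_secret) != MP_OKAY) { err = DROPBEAR_FAILURE; }`, which then takes the existing `dropbear_exit("ECC error")` path. The function begins outside this hunk, so it should be confirmed against the earlier body that `result->x` is always populated whenever `err == DROPBEAR_SUCCESS`.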