diff options
| -rw-r--r-- | cli-kex.c | 13 | ||||
| -rw-r--r-- | common-kex.c | 9 | ||||
| -rw-r--r-- | dss.c | 16 | ||||
| -rw-r--r-- | gendss.c | 11 | ||||
| -rw-r--r-- | genrsa.c | 6 | ||||
| -rw-r--r-- | options.h | 2 | ||||
| -rw-r--r-- | rsa.c | 5 | ||||
| -rw-r--r-- | svr-kex.c | 6 |
8 files changed, 46 insertions, 22 deletions
@@ -45,8 +45,8 @@ void send_msg_kexdh_init() { cli_ses.dh_e = (mp_int*)m_malloc(sizeof(mp_int)); cli_ses.dh_x = (mp_int*)m_malloc(sizeof(mp_int)); - m_mp_init_multi(cli_ses.dh_e, cli_ses.dh_x, NULL); + gen_kexdh_vals(cli_ses.dh_e, cli_ses.dh_x); CHECKCLEARTOWRITE(); @@ -59,13 +59,18 @@ void send_msg_kexdh_init() { /* Handle a diffie-hellman key exchange reply. */ void recv_msg_kexdh_reply() { - mp_int dh_f; + DEF_MP_INT(dh_f); sign_key *hostkey = NULL; unsigned int type, keybloblen; unsigned char* keyblob = NULL; TRACE(("enter recv_msg_kexdh_reply")); + + if (cli_ses.kex_state != KEXDH_INIT_SENT) { + dropbear_exit("Received out-of-order kexdhreply"); + } + m_mp_init(&dh_f); type = ses.newkeys->algo_hostkey; TRACE(("type is %d", type)); @@ -83,7 +88,6 @@ void recv_msg_kexdh_reply() { dropbear_exit("Bad KEX packet"); } - m_mp_init(&dh_f); if (buf_getmpint(ses.payload, &dh_f) != DROPBEAR_SUCCESS) { TRACE(("failed getting mpint")); dropbear_exit("Bad KEX packet"); @@ -91,6 +95,9 @@ void recv_msg_kexdh_reply() { kexdh_comb_key(cli_ses.dh_e, cli_ses.dh_x, &dh_f, hostkey); mp_clear(&dh_f); + mp_clear_multi(cli_ses.dh_e, cli_ses.dh_x, NULL); + m_free(cli_ses.dh_e); + m_free(cli_ses.dh_x); if (buf_verify(ses.payload, hostkey, ses.hash, SHA1_HASH_SIZE) != DROPBEAR_SUCCESS) { diff --git a/common-kex.c b/common-kex.c index f8bfe97..7bb0c82 100644 --- a/common-kex.c +++ b/common-kex.c @@ -464,17 +464,18 @@ void recv_msg_kexinit() { /* Initialises and generate one side of the diffie-hellman key exchange values. * See the ietf-secsh-transport draft, section 6, for details */ -/* dh_pub and dh_priv will be initialised by this function, and should be - * mp_clear()ed after finished */ +/* dh_pub and dh_priv MUST be already initialised */ void gen_kexdh_vals(mp_int *dh_pub, mp_int *dh_priv) { - mp_int dh_p, dh_q, dh_g; + DEF_MP_INT(dh_p); + DEF_MP_INT(dh_q); + DEF_MP_INT(dh_g); unsigned char randbuf[DH_P_LEN]; int dh_q_len; TRACE(("enter send_msg_kexdh_reply")); - m_mp_init_multi(&dh_g, &dh_p, &dh_q, dh_priv, dh_pub, NULL); + m_mp_init_multi(&dh_g, &dh_p, &dh_q, NULL); /* read the prime and generator*/ if (mp_read_unsigned_bin(&dh_p, (unsigned char*)dh_p_val, DH_P_LEN) @@ -164,7 +164,10 @@ int buf_dss_verify(buffer* buf, dss_key *key, const unsigned char* data, unsigned char msghash[SHA1_HASH_SIZE]; hash_state hs; int ret = DROPBEAR_FAILURE; - mp_int val1, val2, val3, val4; + DEF_MP_INT(val1); + DEF_MP_INT(val2); + DEF_MP_INT(val3); + DEF_MP_INT(val4); char * string = NULL; int stringlen; @@ -281,13 +284,16 @@ void buf_put_dss_sign(buffer* buf, dss_key *key, const unsigned char* data, unsigned char privkeyhash[SHA512_HASH_SIZE]; unsigned char *privkeytmp; unsigned char proto_k[SHA512_HASH_SIZE]; - mp_int dss_protok; + DEF_MP_INT(dss_protok); #else unsigned char kbuf[SHA1_HASH_SIZE]; #endif - mp_int dss_k, dss_m; - mp_int dss_temp1, dss_temp2; - mp_int dss_r, dss_s; + DEF_MP_INT(dss_k); + DEF_MP_INT(dss_m); + DEF_MP_INT(dss_temp1); + DEF_MP_INT(dss_temp2); + DEF_MP_INT(dss_r); + DEF_MP_INT(dss_s); hash_state hs; TRACE(("enter buf_put_dss_sign")); @@ -89,7 +89,10 @@ static void getq(dss_key *key) { static void getp(dss_key *key, unsigned int size) { - mp_int tempX, tempC, tempP, temp2q; + DEF_MP_INT(tempX); + DEF_MP_INT(tempC); + DEF_MP_INT(tempP); + DEF_MP_INT(temp2q); int result; unsigned char *buf; @@ -148,7 +151,9 @@ static void getp(dss_key *key, unsigned int size) { static void getg(dss_key * key) { char printbuf[1000]; - mp_int div, h, val; + DEF_MP_INT(div); + DEF_MP_INT(h); + DEF_MP_INT(val); m_mp_init_multi(&div, &h, &val, NULL); @@ -185,7 +190,7 @@ static void getg(dss_key * key) { static void getx(dss_key *key) { - mp_int val; + DEF_MP_INT(val); char buf[QSIZE]; m_mp_init(&val); @@ -40,7 +40,9 @@ static void getrsaprime(mp_int* prime, mp_int *primeminus, rsa_key * gen_rsa_priv_key(unsigned int size) { rsa_key * key; - mp_int pminus, qminus, lcm; + DEF_MP_INT(pminus); + DEF_MP_INT(qminus); + DEF_MP_INT(lcm); key = (rsa_key*)m_malloc(sizeof(rsa_key)); @@ -95,7 +97,7 @@ static void getrsaprime(mp_int* prime, mp_int *primeminus, mp_int* rsa_e, unsigned int size) { unsigned char *buf; - mp_int temp_gcd; + DEF_MP_INT(temp_gcd); buf = (unsigned char*)m_malloc(size+1); @@ -139,7 +139,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ #define ENABLE_CLI_PUBKEY_AUTH /* Random device to use - you must specify _one only_. - * DEV_RANDOM is recommended on hosts with a good /dev/urandom, otherwise use + * DEV_URANDOM is recommended on hosts with a good /dev/urandom, otherwise use * PRNGD and run prngd, specifying the socket. This device must be able to * produce a large amount of random data, so using /dev/random or Entropy * Gathering Daemon (egd) may result in halting, as it waits for more random @@ -201,7 +201,8 @@ int buf_rsa_verify(buffer * buf, rsa_key *key, const unsigned char* data, unsigned int len) { unsigned int slen; - mp_int rsa_s, rsa_mdash; + DEF_MP_INT(rsa_s); + DEF_MP_INT(rsa_mdash); mp_int *rsa_em = NULL; int ret = DROPBEAR_FAILURE; @@ -262,7 +263,7 @@ void buf_put_rsa_sign(buffer* buf, rsa_key *key, const unsigned char* data, unsigned int nsize, ssize; unsigned int i; - mp_int rsa_s; + DEF_MP_INT(rsa_s); mp_int *rsa_em = NULL; TRACE(("enter buf_put_rsa_sign")); @@ -44,7 +44,7 @@ static void send_msg_kexdh_reply(mp_int *dh_e); * that function, then brings the new keys into use */ void recv_msg_kexdh_init() { - mp_int dh_e; + DEF_MP_INT(dh_e); TRACE(("enter recv_msg_kexdh_init")); if (!ses.kexstate.recvkexinit) { @@ -71,9 +71,11 @@ void recv_msg_kexdh_init() { * See the ietf-secsh-transport draft, section 6, for details */ static void send_msg_kexdh_reply(mp_int *dh_e) { - mp_int dh_y, dh_f; + DEF_MP_INT(dh_y); + DEF_MP_INT(dh_f); TRACE(("enter send_msg_kexdh_reply")); + m_mp_init_multi(&dh_y, &dh_f, NULL); gen_kexdh_vals(&dh_f, &dh_y); |