diff options
author | Damien Miller <djm@mindrot.org> | 2010-11-05 10:19:49 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2010-11-05 10:19:49 +1100 |
commit | b472a90d4ceca15620aa525099bf4b2d5ba8a59b (patch) | |
tree | f4b9c97b1c3d78f68da5159852b7593a280edcf5 /authfile.c | |
parent | 3a0e9f6479d50a95b5ccd7d7668b0ff45571de9c (diff) |
- djm@cvs.openbsd.org 2010/10/28 11:22:09
[authfile.c key.c key.h ssh-keygen.c]
fix a possible NULL deref on loading a corrupt ECDH key
store ECDH group information in private keys files as "named groups"
rather than as a set of explicit group parameters (by setting
the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and
retrieves the group's OpenSSL NID that we need for various things.
Diffstat (limited to 'authfile.c')
-rw-r--r-- | authfile.c | 14 |
1 files changed, 5 insertions, 9 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.84 2010/09/08 03:54:36 djm Exp $ */ +/* $OpenBSD: authfile.c,v 1.85 2010/10/28 11:22:09 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -523,13 +523,9 @@ key_load_private_pem(int fd, int type, const char *passphrase, prv = key_new(KEY_UNSPEC); prv->ecdsa = EVP_PKEY_get1_EC_KEY(pk); prv->type = KEY_ECDSA; - prv->ecdsa_nid = key_ecdsa_group_to_nid( - EC_KEY_get0_group(prv->ecdsa)); - if (key_curve_nid_to_name(prv->ecdsa_nid) == NULL) { - key_free(prv); - prv = NULL; - } - if (key_ec_validate_public(EC_KEY_get0_group(prv->ecdsa), + if ((prv->ecdsa_nid = key_ecdsa_key_to_nid(prv->ecdsa)) == -1 || + key_curve_nid_to_name(prv->ecdsa_nid) == NULL || + key_ec_validate_public(EC_KEY_get0_group(prv->ecdsa), EC_KEY_get0_public_key(prv->ecdsa)) != 0 || key_ec_validate_private(prv->ecdsa) != 0) { error("%s: bad ECDSA key", __func__); @@ -538,7 +534,7 @@ key_load_private_pem(int fd, int type, const char *passphrase, } name = "ecdsa w/o comment"; #ifdef DEBUG_PK - if (prv->ecdsa != NULL) + if (prv != NULL && prv->ecdsa != NULL) key_dump_ec_key(prv->ecdsa); #endif #endif /* OPENSSL_HAS_ECC */ |