Re: CVS commit: src/crypto/external/bsd/openssh/dist

On Feb 6, 1:26pm, m...@netbsd.org (m...@netbsd.org) wrote: -- Subject: Re: CVS commit: src/crypto/external/bsd/openssh/dist | > + const BIGNUM *pub_key; | > + if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0) | > + goto out; | > + DH_get0_key(kex->dh, _key, NULL); | > + if

Re: CVS commit: src/crypto/external/bsd/openssh/dist

On Tue, Feb 06, 2018 at 01:26:41PM +, m...@netbsd.org wrote: > BN_clear_free will null deref on this error path I think oops, I"m relying on ctags and went into the heimdal BN_clear_free instead which does this, and not the openssl which does NULL test.

Re: CVS commit: src/crypto/external/bsd/openssh/dist

> + const BIGNUM *pub_key; > + if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0) > + goto out; > + DH_get0_key(kex->dh, _key, NULL); > + if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_INIT)) != 0 || > + (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || > +

Re: CVS commit: src/crypto/external/bsd/openssh/dist

On Feb 6, 11:10am, m...@netbsd.org (m...@netbsd.org) wrote: -- Subject: Re: CVS commit: src/crypto/external/bsd/openssh/dist | On Sun, Feb 04, 2018 at 07:13:50PM -0500, Christos Zoulas wrote: | > - return BN_num_bits(k->rsa->n); | > +#if OPENSSL_VERSION_NUMBER >= 0x1010UL | > +

Re: CVS commit: src/crypto/external/bsd/openssh/dist

On Sun, Feb 04, 2018 at 07:13:50PM -0500, Christos Zoulas wrote: > - return BN_num_bits(k->rsa->n); > +#if OPENSSL_VERSION_NUMBER >= 0x1010UL > + return RSA_bits(k->rsa); > +#else > + return BN_num_bits(k->rsa->p); > +#endif > case KEY_DSA: >