1c1
< /* $OpenBSD: ssh-agent.c,v 1.166 2010/04/16 01:47:26 djm Exp $ */
---
> /* $OpenBSD: ssh-agent.c,v 1.171 2010/11/21 01:01:13 djm Exp $ */
38c38
< __RCSID("$FreeBSD: head/crypto/openssh/ssh-agent.c 215116 2010-11-11 11:46:19Z des $");
---
> __RCSID("$FreeBSD: head/crypto/openssh/ssh-agent.c 221420 2011-05-04 07:34:44Z des $");
471a472,476
> #ifdef OPENSSL_HAS_ECC
> BIGNUM *exponent;
> EC_POINT *q;
> char *curve;
> #endif
494d498
< xfree(type_name);
512a517,569
> #ifdef OPENSSL_HAS_ECC
> case KEY_ECDSA:
> k = key_new_private(type);
> k->ecdsa_nid = key_ecdsa_nid_from_name(type_name);
> curve = buffer_get_string(&e->request, NULL);
> if (k->ecdsa_nid != key_curve_name_to_nid(curve))
> fatal("%s: curve names mismatch", __func__);
> xfree(curve);
> k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid);
> if (k->ecdsa == NULL)
> fatal("%s: EC_KEY_new_by_curve_name failed",
> __func__);
> q = EC_POINT_new(EC_KEY_get0_group(k->ecdsa));
> if (q == NULL)
> fatal("%s: BN_new failed", __func__);
> if ((exponent = BN_new()) == NULL)
> fatal("%s: BN_new failed", __func__);
> buffer_get_ecpoint(&e->request,
> EC_KEY_get0_group(k->ecdsa), q);
> buffer_get_bignum2(&e->request, exponent);
> if (EC_KEY_set_public_key(k->ecdsa, q) != 1)
> fatal("%s: EC_KEY_set_public_key failed",
> __func__);
> if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1)
> fatal("%s: EC_KEY_set_private_key failed",
> __func__);
> if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa),
> EC_KEY_get0_public_key(k->ecdsa)) != 0)
> fatal("%s: bad ECDSA public key", __func__);
> if (key_ec_validate_private(k->ecdsa) != 0)
> fatal("%s: bad ECDSA private key", __func__);
> BN_clear_free(exponent);
> EC_POINT_free(q);
> break;
> case KEY_ECDSA_CERT:
> cert = buffer_get_string(&e->request, &len);
> if ((k = key_from_blob(cert, len)) == NULL)
> fatal("Certificate parse failed");
> xfree(cert);
> key_add_private(k);
> if ((exponent = BN_new()) == NULL)
> fatal("%s: BN_new failed", __func__);
> buffer_get_bignum2(&e->request, exponent);
> if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1)
> fatal("%s: EC_KEY_set_private_key failed",
> __func__);
> if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa),
> EC_KEY_get0_public_key(k->ecdsa)) != 0 ||
> key_ec_validate_private(k->ecdsa) != 0)
> fatal("%s: bad ECDSA key", __func__);
> BN_clear_free(exponent);
> break;
> #endif /* OPENSSL_HAS_ECC */
537a595
> xfree(type_name);
540a599
> xfree(type_name);
1097c1156
< SSLeay_add_all_algorithms();
---
> OpenSSL_add_all_algorithms();
1178c1237
< strlcpy(socket_dir, "/tmp/ssh-XXXXXXXXXX", sizeof socket_dir);
---
> mktemp_proto(socket_dir, sizeof(socket_dir));
< /* $OpenBSD: ssh-agent.c,v 1.166 2010/04/16 01:47:26 djm Exp $ */
---
> /* $OpenBSD: ssh-agent.c,v 1.171 2010/11/21 01:01:13 djm Exp $ */
38c38
< __RCSID("$FreeBSD: head/crypto/openssh/ssh-agent.c 215116 2010-11-11 11:46:19Z des $");
---
> __RCSID("$FreeBSD: head/crypto/openssh/ssh-agent.c 221420 2011-05-04 07:34:44Z des $");
471a472,476
> #ifdef OPENSSL_HAS_ECC
> BIGNUM *exponent;
> EC_POINT *q;
> char *curve;
> #endif
494d498
< xfree(type_name);
512a517,569
> #ifdef OPENSSL_HAS_ECC
> case KEY_ECDSA:
> k = key_new_private(type);
> k->ecdsa_nid = key_ecdsa_nid_from_name(type_name);
> curve = buffer_get_string(&e->request, NULL);
> if (k->ecdsa_nid != key_curve_name_to_nid(curve))
> fatal("%s: curve names mismatch", __func__);
> xfree(curve);
> k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid);
> if (k->ecdsa == NULL)
> fatal("%s: EC_KEY_new_by_curve_name failed",
> __func__);
> q = EC_POINT_new(EC_KEY_get0_group(k->ecdsa));
> if (q == NULL)
> fatal("%s: BN_new failed", __func__);
> if ((exponent = BN_new()) == NULL)
> fatal("%s: BN_new failed", __func__);
> buffer_get_ecpoint(&e->request,
> EC_KEY_get0_group(k->ecdsa), q);
> buffer_get_bignum2(&e->request, exponent);
> if (EC_KEY_set_public_key(k->ecdsa, q) != 1)
> fatal("%s: EC_KEY_set_public_key failed",
> __func__);
> if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1)
> fatal("%s: EC_KEY_set_private_key failed",
> __func__);
> if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa),
> EC_KEY_get0_public_key(k->ecdsa)) != 0)
> fatal("%s: bad ECDSA public key", __func__);
> if (key_ec_validate_private(k->ecdsa) != 0)
> fatal("%s: bad ECDSA private key", __func__);
> BN_clear_free(exponent);
> EC_POINT_free(q);
> break;
> case KEY_ECDSA_CERT:
> cert = buffer_get_string(&e->request, &len);
> if ((k = key_from_blob(cert, len)) == NULL)
> fatal("Certificate parse failed");
> xfree(cert);
> key_add_private(k);
> if ((exponent = BN_new()) == NULL)
> fatal("%s: BN_new failed", __func__);
> buffer_get_bignum2(&e->request, exponent);
> if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1)
> fatal("%s: EC_KEY_set_private_key failed",
> __func__);
> if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa),
> EC_KEY_get0_public_key(k->ecdsa)) != 0 ||
> key_ec_validate_private(k->ecdsa) != 0)
> fatal("%s: bad ECDSA key", __func__);
> BN_clear_free(exponent);
> break;
> #endif /* OPENSSL_HAS_ECC */
537a595
> xfree(type_name);
540a599
> xfree(type_name);
1097c1156
< SSLeay_add_all_algorithms();
---
> OpenSSL_add_all_algorithms();
1178c1237
< strlcpy(socket_dir, "/tmp/ssh-XXXXXXXXXX", sizeof socket_dir);
---
> mktemp_proto(socket_dir, sizeof(socket_dir));