- djm@cvs.openbsd.org 2010/10/28 11:22:09

[authfile.c key.c key.h ssh-keygen.c] fix a possible NULL deref on loading a corrupt ECDH key store ECDH group information in private keys files as "named groups" rather than as a set of explicit group parameters (by setting the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and retrieves the group's OpenSSL NID that we need for various things.
author: djm <djm> 2010-11-04 23:19:49 +0000
committer: djm <djm> 2010-11-04 23:19:49 +0000
commit: ac85e76824b51f6ddb930414c573ca09bb90d185 (patch)
tree: b9623ec39695b535063d4d8c73ab1a14effc7439 /ssh-keygen.c
parent: b197eeee74a5e667594e88f579ff059c9556e4e7 (diff)
download: openssh-ac85e76824b51f6ddb930414c573ca09bb90d185.tar.gz
1 files changed, 2 insertions, 3 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c
index bbd434b0..560c4818 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.203 2010/09/02 17:21:50 naddy Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.204 2010/10/28 11:22:09 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -556,8 +556,7 @@ do_convert_from_pkcs8(Key **k, int *private)
 		*k = key_new(KEY_UNSPEC);
 		(*k)->type = KEY_ECDSA;
 		(*k)->ecdsa = EVP_PKEY_get1_EC_KEY(pubkey);
-		(*k)->ecdsa_nid = key_ecdsa_group_to_nid(
-		    EC_KEY_get0_group((*k)->ecdsa));
+		(*k)->ecdsa_nid = key_ecdsa_key_to_nid((*k)->ecdsa);
 		break;
 #endif
 	default:
author	djm <djm>	2010-11-04 23:19:49 +0000
committer	djm <djm>	2010-11-04 23:19:49 +0000
commit	ac85e76824b51f6ddb930414c573ca09bb90d185 (patch)
tree	b9623ec39695b535063d4d8c73ab1a14effc7439 /ssh-keygen.c
parent	b197eeee74a5e667594e88f579ff059c9556e4e7 (diff)
download	openssh-ac85e76824b51f6ddb930414c573ca09bb90d185.tar.gz