diff --git a/cli-kex.c b/cli-kex.c
index ca29e7d07f031e5cafc81dce74a679a7840bf3ee..90c8d298f1567b0a581e80260ecdb8e144e8aee0 100644
--- a/cli-kex.c
+++ b/cli-kex.c
@@ -45,8 +45,8 @@ void send_msg_kexdh_init() {
cli_ses.dh_e = (mp_int*)m_malloc(sizeof(mp_int));
cli_ses.dh_x = (mp_int*)m_malloc(sizeof(mp_int));
-
m_mp_init_multi(cli_ses.dh_e, cli_ses.dh_x, NULL);
+
gen_kexdh_vals(cli_ses.dh_e, cli_ses.dh_x);
CHECKCLEARTOWRITE();
@@ -59,13 +59,18 @@ void send_msg_kexdh_init() {
/* Handle a diffie-hellman key exchange reply. */
void recv_msg_kexdh_reply() {
- mp_int dh_f;
+ DEF_MP_INT(dh_f);
sign_key *hostkey = NULL;
unsigned int type, keybloblen;
unsigned char* keyblob = NULL;
TRACE(("enter recv_msg_kexdh_reply"));
+
+ if (cli_ses.kex_state != KEXDH_INIT_SENT) {
+ dropbear_exit("Received out-of-order kexdhreply");
+ }
+ m_mp_init(&dh_f);
type = ses.newkeys->algo_hostkey;
TRACE(("type is %d", type));
@@ -83,7 +88,6 @@ void recv_msg_kexdh_reply() {
dropbear_exit("Bad KEX packet");
}
- m_mp_init(&dh_f);
if (buf_getmpint(ses.payload, &dh_f) != DROPBEAR_SUCCESS) {
TRACE(("failed getting mpint"));
dropbear_exit("Bad KEX packet");
@@ -91,6 +95,9 @@ void recv_msg_kexdh_reply() {
kexdh_comb_key(cli_ses.dh_e, cli_ses.dh_x, &dh_f, hostkey);
mp_clear(&dh_f);
+ mp_clear_multi(cli_ses.dh_e, cli_ses.dh_x, NULL);
+ m_free(cli_ses.dh_e);
+ m_free(cli_ses.dh_x);
if (buf_verify(ses.payload, hostkey, ses.hash, SHA1_HASH_SIZE)
!= DROPBEAR_SUCCESS) {
diff --git a/common-kex.c b/common-kex.c
index f8bfe97897d64d81c081a83922fcea23e15dfc64..7bb0c82a14f0a3a7825e925a8f07d4ef735a0296 100644
--- a/common-kex.c
+++ b/common-kex.c
@@ -464,17 +464,18 @@ void recv_msg_kexinit() {
/* Initialises and generate one side of the diffie-hellman key exchange values.
* See the ietf-secsh-transport draft, section 6, for details */
-/* dh_pub and dh_priv will be initialised by this function, and should be
- * mp_clear()ed after finished */
+/* dh_pub and dh_priv MUST be already initialised */
void gen_kexdh_vals(mp_int *dh_pub, mp_int *dh_priv) {
- mp_int dh_p, dh_q, dh_g;
+ DEF_MP_INT(dh_p);
+ DEF_MP_INT(dh_q);
+ DEF_MP_INT(dh_g);
unsigned char randbuf[DH_P_LEN];
int dh_q_len;
TRACE(("enter send_msg_kexdh_reply"));
- m_mp_init_multi(&dh_g, &dh_p, &dh_q, dh_priv, dh_pub, NULL);
+ m_mp_init_multi(&dh_g, &dh_p, &dh_q, NULL);
/* read the prime and generator*/
if (mp_read_unsigned_bin(&dh_p, (unsigned char*)dh_p_val, DH_P_LEN)
diff --git a/dss.c b/dss.c
index 9b56f105ead2b75ef1299e95ff5f5501af620d90..5bd358a4ec77e3c6725dad2444ef3571d1ff2829 100644
--- a/dss.c
+++ b/dss.c
@@ -164,7 +164,10 @@ int buf_dss_verify(buffer* buf, dss_key *key, const unsigned char* data,
unsigned char msghash[SHA1_HASH_SIZE];
hash_state hs;
int ret = DROPBEAR_FAILURE;
- mp_int val1, val2, val3, val4;
+ DEF_MP_INT(val1);
+ DEF_MP_INT(val2);
+ DEF_MP_INT(val3);
+ DEF_MP_INT(val4);
char * string = NULL;
int stringlen;
@@ -281,13 +284,16 @@ void buf_put_dss_sign(buffer* buf, dss_key *key, const unsigned char* data,
unsigned char privkeyhash[SHA512_HASH_SIZE];
unsigned char *privkeytmp;
unsigned char proto_k[SHA512_HASH_SIZE];
- mp_int dss_protok;
+ DEF_MP_INT(dss_protok);
#else
unsigned char kbuf[SHA1_HASH_SIZE];
#endif
- mp_int dss_k, dss_m;
- mp_int dss_temp1, dss_temp2;
- mp_int dss_r, dss_s;
+ DEF_MP_INT(dss_k);
+ DEF_MP_INT(dss_m);
+ DEF_MP_INT(dss_temp1);
+ DEF_MP_INT(dss_temp2);
+ DEF_MP_INT(dss_r);
+ DEF_MP_INT(dss_s);
hash_state hs;
TRACE(("enter buf_put_dss_sign"));
diff --git a/gendss.c b/gendss.c
index 5a440a18925e7142ac55b3ce87c8523b183c3111..e1b502d02b80fd624db5eb7a06f3b8851a5a595c 100644
--- a/gendss.c
+++ b/gendss.c
@@ -89,7 +89,10 @@ static void getq(dss_key *key) {
static void getp(dss_key *key, unsigned int size) {
- mp_int tempX, tempC, tempP, temp2q;
+ DEF_MP_INT(tempX);
+ DEF_MP_INT(tempC);
+ DEF_MP_INT(tempP);
+ DEF_MP_INT(temp2q);
int result;
unsigned char *buf;
@@ -148,7 +151,9 @@ static void getp(dss_key *key, unsigned int size) {
static void getg(dss_key * key) {
char printbuf[1000];
- mp_int div, h, val;
+ DEF_MP_INT(div);
+ DEF_MP_INT(h);
+ DEF_MP_INT(val);
m_mp_init_multi(&div, &h, &val, NULL);
@@ -185,7 +190,7 @@ static void getg(dss_key * key) {
static void getx(dss_key *key) {
- mp_int val;
+ DEF_MP_INT(val);
char buf[QSIZE];
m_mp_init(&val);
diff --git a/genrsa.c b/genrsa.c
index 330ebf2bd96f547472f6bd433d37024c8ce45a51..57115193ad6f5c083b633768d9437711faf50824 100644
--- a/genrsa.c
+++ b/genrsa.c
@@ -40,7 +40,9 @@ static void getrsaprime(mp_int* prime, mp_int *primeminus,
rsa_key * gen_rsa_priv_key(unsigned int size) {
rsa_key * key;
- mp_int pminus, qminus, lcm;
+ DEF_MP_INT(pminus);
+ DEF_MP_INT(qminus);
+ DEF_MP_INT(lcm);
key = (rsa_key*)m_malloc(sizeof(rsa_key));
@@ -95,7 +97,7 @@ static void getrsaprime(mp_int* prime, mp_int *primeminus,
mp_int* rsa_e, unsigned int size) {
unsigned char *buf;
- mp_int temp_gcd;
+ DEF_MP_INT(temp_gcd);
buf = (unsigned char*)m_malloc(size+1);
diff --git a/options.h b/options.h
index 2887c590009cf5cd119e1386dec7cf3dc842e354..9e7d1eed586198520314ae0562044dea3f1838a3 100644
--- a/options.h
+++ b/options.h
@@ -139,7 +139,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
#define ENABLE_CLI_PUBKEY_AUTH
/* Random device to use - you must specify _one only_.
- * DEV_RANDOM is recommended on hosts with a good /dev/urandom, otherwise use
+ * DEV_URANDOM is recommended on hosts with a good /dev/urandom, otherwise use
* PRNGD and run prngd, specifying the socket. This device must be able to
* produce a large amount of random data, so using /dev/random or Entropy
* Gathering Daemon (egd) may result in halting, as it waits for more random
diff --git a/rsa.c b/rsa.c
index 1130e93ba045d6a4890ada3cf44b3deff671dccc..7e891e043f48821bb7641e5eb42bcd26e91f6948 100644
--- a/rsa.c
+++ b/rsa.c
@@ -201,7 +201,8 @@ int buf_rsa_verify(buffer * buf, rsa_key *key, const unsigned char* data,
unsigned int len) {
unsigned int slen;
- mp_int rsa_s, rsa_mdash;
+ DEF_MP_INT(rsa_s);
+ DEF_MP_INT(rsa_mdash);
mp_int *rsa_em = NULL;
int ret = DROPBEAR_FAILURE;
@@ -262,7 +263,7 @@ void buf_put_rsa_sign(buffer* buf, rsa_key *key, const unsigned char* data,
unsigned int nsize, ssize;
unsigned int i;
- mp_int rsa_s;
+ DEF_MP_INT(rsa_s);
mp_int *rsa_em = NULL;
TRACE(("enter buf_put_rsa_sign"));
diff --git a/svr-kex.c b/svr-kex.c
index 816779c3f12a4ad2bff74d5b3447125b8bafe4e0..47c540ebde8892b02eeb2e6868bad070c6067911 100644
--- a/svr-kex.c
+++ b/svr-kex.c
@@ -44,7 +44,7 @@ static void send_msg_kexdh_reply(mp_int *dh_e);
* that function, then brings the new keys into use */
void recv_msg_kexdh_init() {
- mp_int dh_e;
+ DEF_MP_INT(dh_e);
TRACE(("enter recv_msg_kexdh_init"));
if (!ses.kexstate.recvkexinit) {
@@ -71,9 +71,11 @@ void recv_msg_kexdh_init() {
* See the ietf-secsh-transport draft, section 6, for details */
static void send_msg_kexdh_reply(mp_int *dh_e) {
- mp_int dh_y, dh_f;
+ DEF_MP_INT(dh_y);
+ DEF_MP_INT(dh_f);
TRACE(("enter send_msg_kexdh_reply"));
+ m_mp_init_multi(&dh_y, &dh_f, NULL);
gen_kexdh_vals(&dh_f, &dh_y);