X-Git-Url: https://git.lizzy.rs/?a=blobdiff_plain;f=sys%2Fsrc%2Flibsec%2Fport%2Ftlshand.c;h=48c281068e9507f21b33db3cd4831b0cbf680477;hb=c4fdc6bfdb2211e13643d5fba75edf437c122eef;hp=8151c60c4a61eccb100cc4a1452530732eb2043b;hpb=6b402b83cffc97015345dab1c27c35afe64bb3db;p=plan9front.git

diff --git a/sys/src/libsec/port/tlshand.c b/sys/src/libsec/port/tlshand.c
index 8151c60c4..48c281068 100644
--- a/sys/src/libsec/port/tlshand.c
+++ b/sys/src/libsec/port/tlshand.c
@@ -854,57 +854,99 @@ ectobytes(int type, ECpoint *p)
 static Bytes*
 tlsSecECDHEc(TlsSec *sec, uchar *srandom, int vers, int curve, Bytes *Ys)
 {
+	Namedcurve *nc, *enc;
 	Bytes *epm;
-	ECdomain *dom;
-	ECpoint K, *Y;
-	ECpriv *Q;
-
-	epm = nil;
-	Y = nil;
-	Q = nil;
+	ECdomain dom;
+	ECpoint G, K, Y;
+	ECpriv Q;
 
 	if(Ys == nil)
 		return nil;
 
+	enc = &namedcurves[nelem(namedcurves)];
+	for(nc = namedcurves; nc != enc; nc++)
+		if(nc->tlsid == curve)
+			break;
+
+	if(nc == enc)
+		return nil;
+		
 	memmove(sec->srandom, srandom, RandomSize);
 	if(setVers(sec, vers) < 0)
 		return nil;
+	
+	epm = nil;
 
-	dom = ecnamedcurve(curve);
-	if(dom == nil)
-		return nil;
+	memset(&dom, 0, sizeof(dom));
+	dom.p = strtomp(nc->p, nil, 16, nil);
+	dom.a = strtomp(nc->a, nil, 16, nil);
+	dom.b = strtomp(nc->b, nil, 16, nil);
+	dom.n = strtomp(nc->n, nil, 16, nil);
+	dom.h = strtomp(nc->h, nil, 16, nil);
 
+	memset(&G, 0, sizeof(G));
+	G.x = mpnew(0);
+	G.y = mpnew(0);
+
+	memset(&Q, 0, sizeof(Q));
+	Q.x = mpnew(0);
+	Q.y = mpnew(0);
+	Q.d = mpnew(0);
 
 	memset(&K, 0, sizeof(K));
 	K.x = mpnew(0);
 	K.y = mpnew(0);
 
+	memset(&Y, 0, sizeof(Y));
+	Y.x = mpnew(0);
+	Y.y = mpnew(0);
+
+	if(dom.p == nil || dom.a == nil || dom.b == nil || dom.n == nil || dom.h == nil)
+		goto Out;
+	if(Q.x == nil || Q.y == nil || Q.d == nil)
+		goto Out;
+	if(G.x == nil || G.y == nil)
+		goto Out;
 	if(K.x == nil || K.y == nil)
 		goto Out;
+	if(Y.x == nil || Y.y == nil)
+		goto Out;
 
-	Y = betoec(dom, Ys->data, Ys->len, nil);
-	if(Y == nil)
+	dom.G = strtoec(&dom, nc->G, nil, &G);
+	if(dom.G == nil)
 		goto Out;
 
-	Q = ecgen(dom, nil);
-	if(Q == nil)
+	if(bytestoec(&dom, Ys, &Y) == nil)
 		goto Out;
 
-	ecmul(dom, Y, Q->d, &K);
+	if(ecgen(&dom, &Q) == nil)
+		goto Out;
+
+	ecmul(&dom, &Y, Q.d, &K);
 	setMasterSecret(sec, mptobytes(K.x));
 
 	/* 0x04 = uncompressed public key */
-	epm = ectobytes(0x04, Q);
+	epm = ectobytes(0x04, &Q);
 	
 Out:
-	ecfreepriv(Q);
-
-	ecfreepoint(Y);
+	mpfree(Y.x);
+	mpfree(Y.y);
 
 	mpfree(K.x);
 	mpfree(K.y);
 
-	ecfreedomain(dom);
+	mpfree(Q.x);
+	mpfree(Q.y);
+	mpfree(Q.d);
+
+	mpfree(G.x);
+	mpfree(G.y);
+
+	mpfree(dom.p);
+	mpfree(dom.a);
+	mpfree(dom.b);
+	mpfree(dom.n);
+	mpfree(dom.h);
 
 	return epm;
 }
@@ -1915,7 +1957,7 @@ setVersion(TlsConnection *c, int version)
 static int
 finishedMatch(TlsConnection *c, Finished *f)
 {
-	return constcmp(f->verify, c->finished.verify, f->n) == 0;
+	return memcmp(f->verify, c->finished.verify, f->n) == 0;
 }
 
 // free memory associated with TlsConnection struct