X-Git-Url: https://git.distorted.org.uk/~mdw/secnet/blobdiff_plain/9c6af4eca6bfb7bed6f86b1f32479f933979c080..refs/heads/mdw/xdh:/site.c

diff --git a/site.c b/site.c
index 4da99e3..3971e68 100644
--- a/site.c
+++ b/site.c
@@ -534,7 +534,7 @@ struct msg {
     uint8_t *nR;
     uint8_t *nL;
     int32_t pklen;
-    char *pk;
+    uint8_t *pk;
     int32_t hashlen;
     int32_t siglen;
     char *sig;
@@ -550,7 +550,7 @@ static int32_t wait_timeout(struct site *st) {
     return t;
 }
 
-static _Bool set_new_transform(struct site *st, char *pk)
+static _Bool set_new_transform(struct site *st, uint8_t *pk, int32_t pklen)
 {
     _Bool ok;
 
@@ -558,9 +558,11 @@ static _Bool set_new_transform(struct site *st, char *pk)
     assert(!st->sharedsecret);
     st->sharedsecret = safe_malloc(st->chosen_dh->shared_len,
 				   "site:sharedsecret");
+    pk[pklen]=0; /* clobbers the following signature length, which we've
+		  * already copied */
     if (!st->chosen_dh->makeshared(st->chosen_dh->st,
 				   st->dhsecret,st->chosen_dh->secret_len,
-				   pk,
+				   pk,pklen,
 				   st->sharedsecret,
 				   st->chosen_dh->shared_len))
 	return False;
@@ -616,7 +618,10 @@ static bool_t generate_msg(struct site *st, uint32_t type, cstring_t what)
 {
     void *hst;
     uint8_t *hash;
-    string_t dhpub, sig;
+    string_t sig;
+    uint8_t *pklen_addr;
+    int32_t pklen;
+    void *pk;
     unsigned minor;
 
     st->retries=st->setup_retries;
@@ -654,10 +659,13 @@ static bool_t generate_msg(struct site *st, uint32_t type, cstring_t what)
 	buf_append_uint8(&st->buffer,st->chosen_dh->capab_bit);
     } while (0);
 
-    dhpub=st->chosen_dh->makepublic(st->chosen_dh->st,
+    pklen_addr=buf_append(&st->buffer,2);
+    pk=buf_append(&st->buffer,st->chosen_dh->public_len);
+    pklen=st->chosen_dh->makepublic(st->chosen_dh->st,
+				    pk,st->chosen_dh->public_len,
 				    st->dhsecret,st->chosen_dh->secret_len);
-    buf_append_string(&st->buffer,dhpub);
-    free(dhpub);
+    put_uint16(pklen_addr,pklen);
+    buf_unappend(&st->buffer,st->chosen_dh->public_len-pklen);
     hash=safe_malloc(st->hash->len, "generate_msg");
     hst=st->hash->init();
     st->hash->update(hst,st->buffer.start,st->buffer.size);
@@ -988,7 +996,7 @@ kind##_found:								\
     generate_dhsecret(st);
 
     /* Generate the shared key and set up the transform */
-    if (!set_new_transform(st,m.pk)) return False;
+    if (!set_new_transform(st,m.pk,m.pklen)) return False;
 
     return True;
 }
@@ -1019,7 +1027,7 @@ static bool_t process_msg4(struct site *st, struct buffer_if *msg4,
     m.pk[m.pklen]=0;
 
     /* Generate the shared key and set up the transform */
-    if (!set_new_transform(st,m.pk)) return False;
+    if (!set_new_transform(st,m.pk,m.pklen)) return False;
 
     return True;
 }