From 9dd1db76f03d49c394f136658a0c60b88be07113 Mon Sep 17 00:00:00 2001
Message-Id: <9dd1db76f03d49c394f136658a0c60b88be07113.1714862986.git.mdw@distorted.org.uk>
From: Mark Wooding <mdw@chiark.greenend.org.uk>
Date: Sun, 9 Jul 2017 19:31:58 +0100
Subject: [PATCH] server/dh.c: Set the correct scalar size when loading XDH
 keys.
Organization: Straylight/Edgeware

From: Mark Wooding <mdw@distorted.org.uk>

This was left hardcoded as 32 bytes, which means that X448 could never
work.  (The `x448_stsc' function always fails because the buffer size
doesn't match its expectation.)
---
 server/dh.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/server/dh.c b/server/dh.c
index 5c27a079..014446e0 100644
--- a/server/dh.c
+++ b/server/dh.c
@@ -702,7 +702,9 @@ static void ecdh_freege(const dhgrp *gg, dhge *YY)
   }									\
 									\
   KLOAD(xdh, xdh, XDH,							\
-	{ kd->grp = CREATE(dhgrp); kd->grp->scsz = 32; },		\
+	{ kd->grp = CREATE(dhgrp);					\
+	  kd->grp->scsz = XDH##_KEYSZ;					\
+	},								\
 	{ if ((kd->k = xdh##_bintosc(&p.priv)) == 0) {			\
 	    a_format(e, "bad-private-key", A_END);			\
 	    goto fail;							\
-- 
[mdw]