From 251f60c031b2d46585ace7cb49fc551591f23261 Mon Sep 17 00:00:00 2001
From: Jon Simons <jon@jonsimons.org>
Date: Fri, 13 Dec 2019 19:59:43 -0500
Subject: [PATCH] curve25519: fix uninitialized arg to EVP_PKEY_derive

Ensure that the `keylen` argument as provided to `EVP_PKEY_derive`
is initialized, otherwise depending on stack contents, the function
call may fail.

Fixes T205.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit b94ecf18bd2bfe558586c461c092ad9d7cdea646)
---
 src/curve25519.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/curve25519.c b/src/curve25519.c
index 7a274b69..1d482a71 100644
--- a/src/curve25519.c
+++ b/src/curve25519.c
@@ -179,7 +179,7 @@ static int ssh_curve25519_build_k(ssh_session session)
 #ifdef HAVE_OPENSSL_X25519
     EVP_PKEY_CTX *pctx = NULL;
     EVP_PKEY *pkey = NULL, *pubkey = NULL;
-    size_t shared_key_len;
+    size_t shared_key_len = sizeof(k);
     int rc;
 
     pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_X25519, NULL,
@@ -240,9 +240,7 @@ static int ssh_curve25519_build_k(ssh_session session)
         return SSH_ERROR;
     }
 
-    rc = EVP_PKEY_derive(pctx,
-                         k,
-                         &shared_key_len);
+    rc = EVP_PKEY_derive(pctx, k, &shared_key_len);
     if (rc != 1) {
         SSH_LOG(SSH_LOG_TRACE,
                 "Failed to derive X25519 shared secret: %s",