diff options
author | Colin Watson <cjwatson@debian.org> | 2014-03-20 00:32:39 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2014-03-20 00:34:16 +0000 |
commit | 2ee2de47fd0f684f54218d31b4ec83930e69c18e (patch) | |
tree | 86848a7668424b392d48791a0e41e05f9df7b62b /cipher.c | |
parent | c9947303ad3c432b1cadfbeb1d95a7cd38662d66 (diff) | |
parent | 9cbb60f5e4932634db04c330c88abc49cc5567bd (diff) |
Merge 6.6p1.
* New upstream release (http://www.openssh.com/txt/release-6.6).
Diffstat (limited to 'cipher.c')
-rw-r--r-- | cipher.c | 22 |
1 files changed, 9 insertions, 13 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: cipher.c,v 1.94 2014/01/25 10:12:50 dtucker Exp $ */ | 1 | /* $OpenBSD: cipher.c,v 1.97 2014/02/07 06:55:54 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -39,8 +39,6 @@ | |||
39 | 39 | ||
40 | #include <sys/types.h> | 40 | #include <sys/types.h> |
41 | 41 | ||
42 | #include <openssl/md5.h> | ||
43 | |||
44 | #include <string.h> | 42 | #include <string.h> |
45 | #include <stdarg.h> | 43 | #include <stdarg.h> |
46 | #include <stdio.h> | 44 | #include <stdio.h> |
@@ -49,6 +47,8 @@ | |||
49 | #include "log.h" | 47 | #include "log.h" |
50 | #include "misc.h" | 48 | #include "misc.h" |
51 | #include "cipher.h" | 49 | #include "cipher.h" |
50 | #include "buffer.h" | ||
51 | #include "digest.h" | ||
52 | 52 | ||
53 | /* compatibility with old or broken OpenSSL versions */ | 53 | /* compatibility with old or broken OpenSSL versions */ |
54 | #include "openbsd-compat/openssl-compat.h" | 54 | #include "openbsd-compat/openssl-compat.h" |
@@ -228,8 +228,6 @@ ciphers_valid(const char *names) | |||
228 | debug("bad cipher %s [%s]", p, names); | 228 | debug("bad cipher %s [%s]", p, names); |
229 | free(cipher_list); | 229 | free(cipher_list); |
230 | return 0; | 230 | return 0; |
231 | } else { | ||
232 | debug3("cipher ok: %s [%s]", p, names); | ||
233 | } | 231 | } |
234 | } | 232 | } |
235 | debug3("ciphers ok: [%s]", names); | 233 | debug3("ciphers ok: [%s]", names); |
@@ -337,7 +335,7 @@ cipher_init(CipherContext *cc, const Cipher *cipher, | |||
337 | if (EVP_Cipher(&cc->evp, discard, junk, | 335 | if (EVP_Cipher(&cc->evp, discard, junk, |
338 | cipher->discard_len) == 0) | 336 | cipher->discard_len) == 0) |
339 | fatal("evp_crypt: EVP_Cipher failed during discard"); | 337 | fatal("evp_crypt: EVP_Cipher failed during discard"); |
340 | memset(discard, 0, cipher->discard_len); | 338 | explicit_bzero(discard, cipher->discard_len); |
341 | free(junk); | 339 | free(junk); |
342 | free(discard); | 340 | free(discard); |
343 | } | 341 | } |
@@ -422,7 +420,7 @@ void | |||
422 | cipher_cleanup(CipherContext *cc) | 420 | cipher_cleanup(CipherContext *cc) |
423 | { | 421 | { |
424 | if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) | 422 | if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) |
425 | memset(&cc->cp_ctx, 0, sizeof(cc->cp_ctx)); | 423 | explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx)); |
426 | else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0) | 424 | else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0) |
427 | error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed"); | 425 | error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed"); |
428 | } | 426 | } |
@@ -436,17 +434,15 @@ void | |||
436 | cipher_set_key_string(CipherContext *cc, const Cipher *cipher, | 434 | cipher_set_key_string(CipherContext *cc, const Cipher *cipher, |
437 | const char *passphrase, int do_encrypt) | 435 | const char *passphrase, int do_encrypt) |
438 | { | 436 | { |
439 | MD5_CTX md; | ||
440 | u_char digest[16]; | 437 | u_char digest[16]; |
441 | 438 | ||
442 | MD5_Init(&md); | 439 | if (ssh_digest_memory(SSH_DIGEST_MD5, passphrase, strlen(passphrase), |
443 | MD5_Update(&md, (const u_char *)passphrase, strlen(passphrase)); | 440 | digest, sizeof(digest)) < 0) |
444 | MD5_Final(digest, &md); | 441 | fatal("%s: md5 failed", __func__); |
445 | 442 | ||
446 | cipher_init(cc, cipher, digest, 16, NULL, 0, do_encrypt); | 443 | cipher_init(cc, cipher, digest, 16, NULL, 0, do_encrypt); |
447 | 444 | ||
448 | memset(digest, 0, sizeof(digest)); | 445 | explicit_bzero(digest, sizeof(digest)); |
449 | memset(&md, 0, sizeof(md)); | ||
450 | } | 446 | } |
451 | 447 | ||
452 | /* | 448 | /* |