author | Damien Miller <djm@mindrot.org> | 2000-04-29 23:57:08 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2000-04-29 23:57:08 +1000 |
commit | eba71bab9bf01c0d688f829a8971f902732558df (patch) | |
tree | a9d5b50568bfc10cc50291fd3604debfaf3e3783 /sshd.c | |
parent | 8117111a3c1360727e3c54aad31aa045e7a7871b (diff) |
- Merge big update to OpenSSH-2.0 from OpenBSD CVS
[README.openssh2]
- interop w/ F-secure windows client
- sync documentation
- ssh_host_dsa_key not ssh_dsa_key
[auth-rsa.c]
- missing fclose
[auth.c authfile.c compat.c dsa.c dsa.h hostfile.c key.c key.h radix.c]
[readconf.c readconf.h ssh-add.c ssh-keygen.c ssh.c ssh.h sshconnect.c]
[sshd.c uuencode.c uuencode.h authfile.h]
- add DSA pubkey auth and other SSH2 fixes. use ssh-keygen -[xX]
for trading keys with the real and the original SSH, directly from the
people who invented the SSH protocol.
[auth.c auth.h authfile.c sshconnect.c auth1.c auth2.c sshconnect.h]
[sshconnect1.c sshconnect2.c]
- split auth/sshconnect in one file per protocol version
[sshconnect2.c]
- remove debug
[uuencode.c]
- add trailing =
[version.h]
- OpenSSH-2.0
[ssh-keygen.1 ssh-keygen.c]
- add -R flag: exit code indicates if RSA is alive
[sshd.c]
- remove unused
silent if -Q is specified
[ssh.h]
- host key becomes /etc/ssh_host_dsa_key
[readconf.c servconf.c ]
- ssh/sshd default to proto 1 and 2
[uuencode.c]
- remove debug
[auth2.c ssh-keygen.c sshconnect2.c sshd.c]
- xfree DSA blobs
[auth2.c serverloop.c session.c]
- cleanup logging for sshd/2, respect PasswordAuth no
[sshconnect2.c]
- less debug, respect .ssh/config
[README.openssh2 channels.c channels.h]
- clientloop.c session.c ssh.c
- support for x11-fwding, client+server
Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 221 |
1 files changed, 139 insertions, 82 deletions
@@ -14,7 +14,7 @@ | |||
14 | */ | 14 | */ |
15 | 15 | ||
16 | #include "includes.h" | 16 | #include "includes.h" |
17 | RCSID("$OpenBSD: sshd.c,v 1.107 2000/04/19 07:05:50 deraadt Exp $"); | 17 | RCSID("$OpenBSD: sshd.c,v 1.111 2000/04/27 08:01:28 markus Exp $"); |
18 | 18 | ||
19 | #include "xmalloc.h" | 19 | #include "xmalloc.h" |
20 | #include "rsa.h" | 20 | #include "rsa.h" |
@@ -40,6 +40,7 @@ RCSID("$OpenBSD: sshd.c,v 1.107 2000/04/19 07:05:50 deraadt Exp $"); | |||
40 | 40 | ||
41 | #include "auth.h" | 41 | #include "auth.h" |
42 | #include "myproposal.h" | 42 | #include "myproposal.h" |
43 | #include "authfile.h" | ||
43 | 44 | ||
44 | #ifdef LIBWRAP | 45 | #ifdef LIBWRAP |
45 | #include <tcpd.h> | 46 | #include <tcpd.h> |
@@ -112,8 +113,9 @@ char *server_version_string = NULL; | |||
112 | * not very useful. Currently, memory locking is not implemented. | 113 | * not very useful. Currently, memory locking is not implemented. |
113 | */ | 114 | */ |
114 | struct { | 115 | struct { |
115 | RSA *private_key; /* Private part of server key. */ | 116 | RSA *private_key; /* Private part of empheral server key. */ |
116 | RSA *host_key; /* Private part of host key. */ | 117 | RSA *host_key; /* Private part of host key. */ |
118 | Key *dsa_host_key; /* Private DSA host key. */ | ||
117 | } sensitive_data; | 119 | } sensitive_data; |
118 | 120 | ||
119 | /* | 121 | /* |
@@ -132,6 +134,10 @@ RSA *public_key; | |||
132 | /* session identifier, used by RSA-auth */ | 134 | /* session identifier, used by RSA-auth */ |
133 | unsigned char session_id[16]; | 135 | unsigned char session_id[16]; |
134 | 136 | ||
137 | /* same for ssh2 */ | ||
138 | unsigned char *session_id2 = NULL; | ||
139 | int session_id2_len = 0; | ||
140 | |||
135 | /* Prototypes for various functions defined later in this file. */ | 141 | /* Prototypes for various functions defined later in this file. */ |
136 | void do_ssh1_kex(); | 142 | void do_ssh1_kex(); |
137 | void do_ssh2_kex(); | 143 | void do_ssh2_kex(); |
@@ -224,6 +230,7 @@ grace_alarm_handler(int sig) | |||
224 | * Thus there should be no concurrency control/asynchronous execution | 230 | * Thus there should be no concurrency control/asynchronous execution |
225 | * problems. | 231 | * problems. |
226 | */ | 232 | */ |
233 | /* XXX do we really want this work to be done in a signal handler ? -m */ | ||
227 | void | 234 | void |
228 | key_regeneration_alarm(int sig) | 235 | key_regeneration_alarm(int sig) |
229 | { | 236 | { |
@@ -344,6 +351,13 @@ sshd_exchange_identification(int sock_in, int sock_out) | |||
344 | mismatch = 0; | 351 | mismatch = 0; |
345 | switch(remote_major) { | 352 | switch(remote_major) { |
346 | case 1: | 353 | case 1: |
354 | if (remote_minor == 99) { | ||
355 | if (options.protocol & SSH_PROTO_2) | ||
356 | enable_compat20(); | ||
357 | else | ||
358 | mismatch = 1; | ||
359 | break; | ||
360 | } | ||
347 | if (!(options.protocol & SSH_PROTO_1)) { | 361 | if (!(options.protocol & SSH_PROTO_1)) { |
348 | mismatch = 1; | 362 | mismatch = 1; |
349 | break; | 363 | break; |
@@ -355,12 +369,6 @@ sshd_exchange_identification(int sock_in, int sock_out) | |||
355 | /* note that this disables agent-forwarding */ | 369 | /* note that this disables agent-forwarding */ |
356 | enable_compat13(); | 370 | enable_compat13(); |
357 | } | 371 | } |
358 | if (remote_minor == 99) { | ||
359 | if (options.protocol & SSH_PROTO_2) | ||
360 | enable_compat20(); | ||
361 | else | ||
362 | mismatch = 1; | ||
363 | } | ||
364 | break; | 372 | break; |
365 | case 2: | 373 | case 2: |
366 | if (options.protocol & SSH_PROTO_2) { | 374 | if (options.protocol & SSH_PROTO_2) { |
@@ -386,6 +394,20 @@ sshd_exchange_identification(int sock_in, int sock_out) | |||
386 | server_version_string, client_version_string); | 394 | server_version_string, client_version_string); |
387 | fatal_cleanup(); | 395 | fatal_cleanup(); |
388 | } | 396 | } |
397 | if (compat20) | ||
398 | packet_set_ssh2_format(); | ||
399 | } | ||
400 | |||
401 | |||
402 | void | ||
403 | destroy_sensitive_data(void) | ||
404 | { | ||
405 | /* Destroy the private and public keys. They will no longer be needed. */ | ||
406 | RSA_free(public_key); | ||
407 | RSA_free(sensitive_data.private_key); | ||
408 | RSA_free(sensitive_data.host_key); | ||
409 | if (sensitive_data.dsa_host_key != NULL) | ||
410 | key_free(sensitive_data.dsa_host_key); | ||
389 | } | 411 | } |
390 | 412 | ||
391 | /* | 413 | /* |
@@ -399,12 +421,11 @@ main(int ac, char **av) | |||
399 | int opt, sock_in = 0, sock_out = 0, newsock, i, fdsetsz, on = 1; | 421 | int opt, sock_in = 0, sock_out = 0, newsock, i, fdsetsz, on = 1; |
400 | pid_t pid; | 422 | pid_t pid; |
401 | socklen_t fromlen; | 423 | socklen_t fromlen; |
402 | int silentrsa = 0; | 424 | int silent = 0; |
403 | fd_set *fdset; | 425 | fd_set *fdset; |
404 | struct sockaddr_storage from; | 426 | struct sockaddr_storage from; |
405 | const char *remote_ip; | 427 | const char *remote_ip; |
406 | int remote_port; | 428 | int remote_port; |
407 | char *comment; | ||
408 | FILE *f; | 429 | FILE *f; |
409 | struct linger linger; | 430 | struct linger linger; |
410 | struct addrinfo *ai; | 431 | struct addrinfo *ai; |
@@ -441,7 +462,7 @@ main(int ac, char **av) | |||
441 | inetd_flag = 1; | 462 | inetd_flag = 1; |
442 | break; | 463 | break; |
443 | case 'Q': | 464 | case 'Q': |
444 | silentrsa = 1; | 465 | silent = 1; |
445 | break; | 466 | break; |
446 | case 'q': | 467 | case 'q': |
447 | options.log_level = SYSLOG_LEVEL_QUIET; | 468 | options.log_level = SYSLOG_LEVEL_QUIET; |
@@ -497,27 +518,14 @@ main(int ac, char **av) | |||
497 | log_init(av0, | 518 | log_init(av0, |
498 | options.log_level == -1 ? SYSLOG_LEVEL_INFO : options.log_level, | 519 | options.log_level == -1 ? SYSLOG_LEVEL_INFO : options.log_level, |
499 | options.log_facility == -1 ? SYSLOG_FACILITY_AUTH : options.log_facility, | 520 | options.log_facility == -1 ? SYSLOG_FACILITY_AUTH : options.log_facility, |
500 | !inetd_flag); | 521 | !silent && !inetd_flag); |
501 | 522 | ||
502 | /* check if RSA support exists */ | ||
503 | if (rsa_alive() == 0) { | ||
504 | if (silentrsa == 0) | ||
505 | printf("sshd: no RSA support in libssl and libcrypto -- exiting. See ssl(8)\n"); | ||
506 | log("no RSA support in libssl and libcrypto -- exiting. See ssl(8)"); | ||
507 | exit(1); | ||
508 | } | ||
509 | /* Read server configuration options from the configuration file. */ | 523 | /* Read server configuration options from the configuration file. */ |
510 | read_server_config(&options, config_file_name); | 524 | read_server_config(&options, config_file_name); |
511 | 525 | ||
512 | /* Fill in default values for those options not explicitly set. */ | 526 | /* Fill in default values for those options not explicitly set. */ |
513 | fill_default_server_options(&options); | 527 | fill_default_server_options(&options); |
514 | 528 | ||
515 | /* Check certain values for sanity. */ | ||
516 | if (options.server_key_bits < 512 || | ||
517 | options.server_key_bits > 32768) { | ||
518 | fprintf(stderr, "Bad server key size.\n"); | ||
519 | exit(1); | ||
520 | } | ||
521 | /* Check that there are no remaining arguments. */ | 529 | /* Check that there are no remaining arguments. */ |
522 | if (optind < ac) { | 530 | if (optind < ac) { |
523 | fprintf(stderr, "Extra argument %s.\n", av[optind]); | 531 | fprintf(stderr, "Extra argument %s.\n", av[optind]); |
@@ -526,26 +534,79 @@ main(int ac, char **av) | |||
526 | 534 | ||
527 | debug("sshd version %.100s", SSH_VERSION); | 535 | debug("sshd version %.100s", SSH_VERSION); |
528 | 536 | ||
529 | sensitive_data.host_key = RSA_new(); | 537 | sensitive_data.dsa_host_key = NULL; |
530 | errno = 0; | 538 | sensitive_data.host_key = NULL; |
531 | /* Load the host key. It must have empty passphrase. */ | 539 | |
532 | if (!load_private_key(options.host_key_file, "", | 540 | /* check if RSA support exists */ |
533 | sensitive_data.host_key, &comment)) { | 541 | if ((options.protocol & SSH_PROTO_1) && |
534 | error("Could not load host key: %.200s: %.100s", | 542 | rsa_alive() == 0) { |
535 | options.host_key_file, strerror(errno)); | 543 | log("no RSA support in libssl and libcrypto. See ssl(8)"); |
544 | log("Disabling protocol version 1"); | ||
545 | options.protocol &= ~SSH_PROTO_1; | ||
546 | } | ||
547 | /* Load the RSA/DSA host key. It must have empty passphrase. */ | ||
548 | if (options.protocol & SSH_PROTO_1) { | ||
549 | Key k; | ||
550 | sensitive_data.host_key = RSA_new(); | ||
551 | k.type = KEY_RSA; | ||
552 | k.rsa = sensitive_data.host_key; | ||
553 | errno = 0; | ||
554 | if (!load_private_key(options.host_key_file, "", &k, NULL)) { | ||
555 | error("Could not load host key: %.200s: %.100s", | ||
556 | options.host_key_file, strerror(errno)); | ||
557 | log("Disabling protocol version 1"); | ||
558 | options.protocol &= ~SSH_PROTO_1; | ||
559 | } | ||
560 | k.rsa = NULL; | ||
561 | } | ||
562 | if (options.protocol & SSH_PROTO_2) { | ||
563 | sensitive_data.dsa_host_key = key_new(KEY_DSA); | ||
564 | if (!load_private_key(options.dsa_key_file, "", sensitive_data.dsa_host_key, NULL)) { | ||
565 | error("Could not load DSA host key: %.200s", options.dsa_key_file); | ||
566 | log("Disabling protocol version 2"); | ||
567 | options.protocol &= ~SSH_PROTO_2; | ||
568 | } | ||
569 | } | ||
570 | if (! options.protocol & (SSH_PROTO_1|SSH_PROTO_2)) { | ||
571 | if (silent == 0) | ||
572 | fprintf(stderr, "sshd: no hostkeys available -- exiting.\n"); | ||
573 | log("sshd: no hostkeys available -- exiting.\n"); | ||
536 | exit(1); | 574 | exit(1); |
537 | } | 575 | } |
538 | xfree(comment); | ||
539 | 576 | ||
540 | /* Initialize the log (it is reinitialized below in case we | 577 | /* Check certain values for sanity. */ |
541 | forked). */ | 578 | if (options.protocol & SSH_PROTO_1) { |
579 | if (options.server_key_bits < 512 || | ||
580 | options.server_key_bits > 32768) { | ||
581 | fprintf(stderr, "Bad server key size.\n"); | ||
582 | exit(1); | ||
583 | } | ||
584 | /* | ||
585 | * Check that server and host key lengths differ sufficiently. This | ||
586 | * is necessary to make double encryption work with rsaref. Oh, I | ||
587 | * hate software patents. I dont know if this can go? Niels | ||
588 | */ | ||
589 | if (options.server_key_bits > | ||
590 | BN_num_bits(sensitive_data.host_key->n) - SSH_KEY_BITS_RESERVED && | ||
591 | options.server_key_bits < | ||
592 | BN_num_bits(sensitive_data.host_key->n) + SSH_KEY_BITS_RESERVED) { | ||
593 | options.server_key_bits = | ||
594 | BN_num_bits(sensitive_data.host_key->n) + SSH_KEY_BITS_RESERVED; | ||
595 | debug("Forcing server key to %d bits to make it differ from host key.", | ||
596 | options.server_key_bits); | ||
597 | } | ||
598 | } | ||
599 | |||
600 | /* Initialize the log (it is reinitialized below in case we forked). */ | ||
542 | if (debug_flag && !inetd_flag) | 601 | if (debug_flag && !inetd_flag) |
543 | log_stderr = 1; | 602 | log_stderr = 1; |
544 | log_init(av0, options.log_level, options.log_facility, log_stderr); | 603 | log_init(av0, options.log_level, options.log_facility, log_stderr); |
545 | 604 | ||
546 | /* If not in debugging mode, and not started from inetd, | 605 | /* |
547 | disconnect from the controlling terminal, and fork. The | 606 | * If not in debugging mode, and not started from inetd, disconnect |
548 | original process exits. */ | 607 | * from the controlling terminal, and fork. The original process |
608 | * exits. | ||
609 | */ | ||
549 | if (!debug_flag && !inetd_flag) { | 610 | if (!debug_flag && !inetd_flag) { |
550 | #ifdef TIOCNOTTY | 611 | #ifdef TIOCNOTTY |
551 | int fd; | 612 | int fd; |
@@ -565,18 +626,6 @@ main(int ac, char **av) | |||
565 | /* Reinitialize the log (because of the fork above). */ | 626 | /* Reinitialize the log (because of the fork above). */ |
566 | log_init(av0, options.log_level, options.log_facility, log_stderr); | 627 | log_init(av0, options.log_level, options.log_facility, log_stderr); |
567 | 628 | ||
568 | /* Check that server and host key lengths differ sufficiently. | ||
569 | This is necessary to make double encryption work with rsaref. | ||
570 | Oh, I hate software patents. I dont know if this can go? Niels */ | ||
571 | if (options.server_key_bits > | ||
572 | BN_num_bits(sensitive_data.host_key->n) - SSH_KEY_BITS_RESERVED && | ||
573 | options.server_key_bits < | ||
574 | BN_num_bits(sensitive_data.host_key->n) + SSH_KEY_BITS_RESERVED) { | ||
575 | options.server_key_bits = | ||
576 | BN_num_bits(sensitive_data.host_key->n) + SSH_KEY_BITS_RESERVED; | ||
577 | debug("Forcing server key to %d bits to make it differ from host key.", | ||
578 | options.server_key_bits); | ||
579 | } | ||
580 | /* Do not display messages to stdout in RSA code. */ | 629 | /* Do not display messages to stdout in RSA code. */ |
581 | rsa_set_verbose(0); | 630 | rsa_set_verbose(0); |
582 | 631 | ||
@@ -594,20 +643,22 @@ main(int ac, char **av) | |||
594 | s2 = dup(s1); | 643 | s2 = dup(s1); |
595 | sock_in = dup(0); | 644 | sock_in = dup(0); |
596 | sock_out = dup(1); | 645 | sock_out = dup(1); |
597 | /* We intentionally do not close the descriptors 0, 1, and 2 | 646 | /* |
598 | as our code for setting the descriptors won\'t work | 647 | * We intentionally do not close the descriptors 0, 1, and 2 |
599 | if ttyfd happens to be one of those. */ | 648 | * as our code for setting the descriptors won\'t work if |
649 | * ttyfd happens to be one of those. | ||
650 | */ | ||
600 | debug("inetd sockets after dupping: %d, %d", sock_in, sock_out); | 651 | debug("inetd sockets after dupping: %d, %d", sock_in, sock_out); |
601 | 652 | ||
602 | public_key = RSA_new(); | 653 | if (options.protocol & SSH_PROTO_1) { |
603 | sensitive_data.private_key = RSA_new(); | 654 | public_key = RSA_new(); |
604 | 655 | sensitive_data.private_key = RSA_new(); | |
605 | /* XXX check options.protocol */ | 656 | log("Generating %d bit RSA key.", options.server_key_bits); |
606 | log("Generating %d bit RSA key.", options.server_key_bits); | 657 | rsa_generate_key(sensitive_data.private_key, public_key, |
607 | rsa_generate_key(sensitive_data.private_key, public_key, | 658 | options.server_key_bits); |
608 | options.server_key_bits); | 659 | arc4random_stir(); |
609 | arc4random_stir(); | 660 | log("RSA key generation complete."); |
610 | log("RSA key generation complete."); | 661 | } |
611 | } else { | 662 | } else { |
612 | for (ai = options.listen_addrs; ai; ai = ai->ai_next) { | 663 | for (ai = options.listen_addrs; ai; ai = ai->ai_next) { |
613 | if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) | 664 | if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) |
@@ -684,19 +735,20 @@ main(int ac, char **av) | |||
684 | fclose(f); | 735 | fclose(f); |
685 | } | 736 | } |
686 | } | 737 | } |
738 | if (options.protocol & SSH_PROTO_1) { | ||
739 | public_key = RSA_new(); | ||
740 | sensitive_data.private_key = RSA_new(); | ||
687 | 741 | ||
688 | public_key = RSA_new(); | 742 | log("Generating %d bit RSA key.", options.server_key_bits); |
689 | sensitive_data.private_key = RSA_new(); | 743 | rsa_generate_key(sensitive_data.private_key, public_key, |
690 | 744 | options.server_key_bits); | |
691 | log("Generating %d bit RSA key.", options.server_key_bits); | 745 | arc4random_stir(); |
692 | rsa_generate_key(sensitive_data.private_key, public_key, | 746 | log("RSA key generation complete."); |
693 | options.server_key_bits); | ||
694 | arc4random_stir(); | ||
695 | log("RSA key generation complete."); | ||
696 | 747 | ||
697 | /* Schedule server key regeneration alarm. */ | 748 | /* Schedule server key regeneration alarm. */ |
698 | signal(SIGALRM, key_regeneration_alarm); | 749 | signal(SIGALRM, key_regeneration_alarm); |
699 | alarm(options.key_regeneration_time); | 750 | alarm(options.key_regeneration_time); |
751 | } | ||
700 | 752 | ||
701 | /* Arrange to restart on SIGHUP. The handler needs listen_sock. */ | 753 | /* Arrange to restart on SIGHUP. The handler needs listen_sock. */ |
702 | signal(SIGHUP, sighup_handler); | 754 | signal(SIGHUP, sighup_handler); |
@@ -1069,9 +1121,7 @@ do_ssh1_kex() | |||
1069 | sensitive_data.private_key->n); | 1121 | sensitive_data.private_key->n); |
1070 | 1122 | ||
1071 | /* Destroy the private and public keys. They will no longer be needed. */ | 1123 | /* Destroy the private and public keys. They will no longer be needed. */ |
1072 | RSA_free(public_key); | 1124 | destroy_sensitive_data(); |
1073 | RSA_free(sensitive_data.private_key); | ||
1074 | RSA_free(sensitive_data.host_key); | ||
1075 | 1125 | ||
1076 | /* | 1126 | /* |
1077 | * Extract session key from the decrypted integer. The key is in the | 1127 | * Extract session key from the decrypted integer. The key is in the |
@@ -1130,7 +1180,6 @@ do_ssh2_kex() | |||
1130 | unsigned char *kbuf; | 1180 | unsigned char *kbuf; |
1131 | unsigned char *hash; | 1181 | unsigned char *hash; |
1132 | Kex *kex; | 1182 | Kex *kex; |
1133 | Key *server_host_key; | ||
1134 | char *cprop[PROPOSAL_MAX]; | 1183 | char *cprop[PROPOSAL_MAX]; |
1135 | char *sprop[PROPOSAL_MAX]; | 1184 | char *sprop[PROPOSAL_MAX]; |
1136 | 1185 | ||
@@ -1231,8 +1280,8 @@ do_ssh2_kex() | |||
1231 | memset(kbuf, 0, klen); | 1280 | memset(kbuf, 0, klen); |
1232 | xfree(kbuf); | 1281 | xfree(kbuf); |
1233 | 1282 | ||
1234 | server_host_key = dsa_get_serverkey(options.dsa_key_file); | 1283 | /* XXX precompute? */ |
1235 | dsa_make_serverkey_blob(server_host_key, &server_host_key_blob, &sbloblen); | 1284 | dsa_make_key_blob(sensitive_data.dsa_host_key, &server_host_key_blob, &sbloblen); |
1236 | 1285 | ||
1237 | /* calc H */ /* XXX depends on 'kex' */ | 1286 | /* calc H */ /* XXX depends on 'kex' */ |
1238 | hash = kex_hash( | 1287 | hash = kex_hash( |
@@ -1255,10 +1304,17 @@ do_ssh2_kex() | |||
1255 | fprintf(stderr, "%02x", (hash[i])&0xff); | 1304 | fprintf(stderr, "%02x", (hash[i])&0xff); |
1256 | fprintf(stderr, "\n"); | 1305 | fprintf(stderr, "\n"); |
1257 | #endif | 1306 | #endif |
1307 | /* save session id := H */ | ||
1308 | /* XXX hashlen depends on KEX */ | ||
1309 | session_id2_len = 20; | ||
1310 | session_id2 = xmalloc(session_id2_len); | ||
1311 | memcpy(session_id2, hash, session_id2_len); | ||
1312 | |||
1258 | /* sign H */ | 1313 | /* sign H */ |
1259 | dsa_sign(server_host_key, &signature, &slen, hash, 20); | 1314 | /* XXX hashlen depends on KEX */ |
1260 | /* hashlen depends on KEX */ | 1315 | dsa_sign(sensitive_data.dsa_host_key, &signature, &slen, hash, 20); |
1261 | key_free(server_host_key); | 1316 | |
1317 | destroy_sensitive_data(); | ||
1262 | 1318 | ||
1263 | /* send server hostkey, DH pubkey 'f' and singed H */ | 1319 | /* send server hostkey, DH pubkey 'f' and singed H */ |
1264 | packet_start(SSH2_MSG_KEXDH_REPLY); | 1320 | packet_start(SSH2_MSG_KEXDH_REPLY); |
@@ -1267,6 +1323,7 @@ do_ssh2_kex() | |||
1267 | packet_put_string((char *)signature, slen); | 1323 | packet_put_string((char *)signature, slen); |
1268 | packet_send(); | 1324 | packet_send(); |
1269 | xfree(signature); | 1325 | xfree(signature); |
1326 | xfree(server_host_key_blob); | ||
1270 | packet_write_wait(); | 1327 | packet_write_wait(); |
1271 | 1328 | ||
1272 | kex_derive_keys(kex, hash, shared_secret); | 1329 | kex_derive_keys(kex, hash, shared_secret); |
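Review bot: The new "no hostkeys available" guard in main() (new line 570) is written `if (! options.protocol & (SSH_PROTO_1|SSH_PROTO_2))`, and because `!` binds tighter than `&` it evaluates `(!options.protocol) & mask` instead of testing whether both protocol bits are clear. As written it can only be true when `options.protocol` is exactly zero and the mask includes bit 0. If any other flag bit can remain set in `options.protocol` (the flag definitions are not visible on this page), sshd would keep running after both host-key loads have failed rather than exiting. The guard should fail closed with `if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2)))`. main() begins and ends outside this hunk, so how `options.protocol` is used afterwards is not visible here.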