diff options
Diffstat (limited to 'cipher.c')
| -rw-r--r-- | cipher.c | 22 |
1 files changed, 9 insertions, 13 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: cipher.c,v 1.94 2014/01/25 10:12:50 dtucker Exp $ */ | 1 | /* $OpenBSD: cipher.c,v 1.97 2014/02/07 06:55:54 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -39,8 +39,6 @@ | |||
| 39 | 39 | ||
| 40 | #include <sys/types.h> | 40 | #include <sys/types.h> |
| 41 | 41 | ||
| 42 | #include <openssl/md5.h> | ||
| 43 | |||
| 44 | #include <string.h> | 42 | #include <string.h> |
| 45 | #include <stdarg.h> | 43 | #include <stdarg.h> |
| 46 | #include <stdio.h> | 44 | #include <stdio.h> |
| @@ -49,6 +47,8 @@ | |||
| 49 | #include "log.h" | 47 | #include "log.h" |
| 50 | #include "misc.h" | 48 | #include "misc.h" |
| 51 | #include "cipher.h" | 49 | #include "cipher.h" |
| 50 | #include "buffer.h" | ||
| 51 | #include "digest.h" | ||
| 52 | 52 | ||
| 53 | /* compatibility with old or broken OpenSSL versions */ | 53 | /* compatibility with old or broken OpenSSL versions */ |
| 54 | #include "openbsd-compat/openssl-compat.h" | 54 | #include "openbsd-compat/openssl-compat.h" |
| @@ -228,8 +228,6 @@ ciphers_valid(const char *names) | |||
| 228 | debug("bad cipher %s [%s]", p, names); | 228 | debug("bad cipher %s [%s]", p, names); |
| 229 | free(cipher_list); | 229 | free(cipher_list); |
| 230 | return 0; | 230 | return 0; |
| 231 | } else { | ||
| 232 | debug3("cipher ok: %s [%s]", p, names); | ||
| 233 | } | 231 | } |
| 234 | } | 232 | } |
| 235 | debug3("ciphers ok: [%s]", names); | 233 | debug3("ciphers ok: [%s]", names); |
| @@ -337,7 +335,7 @@ cipher_init(CipherContext *cc, const Cipher *cipher, | |||
| 337 | if (EVP_Cipher(&cc->evp, discard, junk, | 335 | if (EVP_Cipher(&cc->evp, discard, junk, |
| 338 | cipher->discard_len) == 0) | 336 | cipher->discard_len) == 0) |
| 339 | fatal("evp_crypt: EVP_Cipher failed during discard"); | 337 | fatal("evp_crypt: EVP_Cipher failed during discard"); |
| 340 | memset(discard, 0, cipher->discard_len); | 338 | explicit_bzero(discard, cipher->discard_len); |
| 341 | free(junk); | 339 | free(junk); |
| 342 | free(discard); | 340 | free(discard); |
| 343 | } | 341 | } |
| @@ -422,7 +420,7 @@ void | |||
| 422 | cipher_cleanup(CipherContext *cc) | 420 | cipher_cleanup(CipherContext *cc) |
| 423 | { | 421 | { |
| 424 | if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) | 422 | if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) |
| 425 | memset(&cc->cp_ctx, 0, sizeof(cc->cp_ctx)); | 423 | explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx)); |
| 426 | else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0) | 424 | else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0) |
| 427 | error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed"); | 425 | error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed"); |
| 428 | } | 426 | } |
| @@ -436,17 +434,15 @@ void | |||
| 436 | cipher_set_key_string(CipherContext *cc, const Cipher *cipher, | 434 | cipher_set_key_string(CipherContext *cc, const Cipher *cipher, |
| 437 | const char *passphrase, int do_encrypt) | 435 | const char *passphrase, int do_encrypt) |
| 438 | { | 436 | { |
| 439 | MD5_CTX md; | ||
| 440 | u_char digest[16]; | 437 | u_char digest[16]; |
| 441 | 438 | ||
| 442 | MD5_Init(&md); | 439 | if (ssh_digest_memory(SSH_DIGEST_MD5, passphrase, strlen(passphrase), |
| 443 | MD5_Update(&md, (const u_char *)passphrase, strlen(passphrase)); | 440 | digest, sizeof(digest)) < 0) |
| 444 | MD5_Final(digest, &md); | 441 | fatal("%s: md5 failed", __func__); |
| 445 | 442 | ||
| 446 | cipher_init(cc, cipher, digest, 16, NULL, 0, do_encrypt); | 443 | cipher_init(cc, cipher, digest, 16, NULL, 0, do_encrypt); |
| 447 | 444 | ||
| 448 | memset(digest, 0, sizeof(digest)); | 445 | explicit_bzero(digest, sizeof(digest)); |
| 449 | memset(&md, 0, sizeof(md)); | ||
| 450 | } | 446 | } |
| 451 | 447 | ||
| 452 | /* | 448 | /* |