diff options
Diffstat (limited to 'ssh-agent.c')
| -rw-r--r-- | ssh-agent.c | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/ssh-agent.c b/ssh-agent.c index 95117e076..ba2461211 100644 --- a/ssh-agent.c +++ b/ssh-agent.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-agent.c,v 1.181 2013/12/19 01:19:41 djm Exp $ */ | 1 | /* $OpenBSD: ssh-agent.c,v 1.183 2014/02/02 03:44:31 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -50,7 +50,6 @@ | |||
| 50 | #include "openbsd-compat/sys-queue.h" | 50 | #include "openbsd-compat/sys-queue.h" |
| 51 | 51 | ||
| 52 | #include <openssl/evp.h> | 52 | #include <openssl/evp.h> |
| 53 | #include <openssl/md5.h> | ||
| 54 | #include "openbsd-compat/openssl-compat.h" | 53 | #include "openbsd-compat/openssl-compat.h" |
| 55 | 54 | ||
| 56 | #include <errno.h> | 55 | #include <errno.h> |
| @@ -75,6 +74,7 @@ | |||
| 75 | #include "compat.h" | 74 | #include "compat.h" |
| 76 | #include "log.h" | 75 | #include "log.h" |
| 77 | #include "misc.h" | 76 | #include "misc.h" |
| 77 | #include "digest.h" | ||
| 78 | 78 | ||
| 79 | #ifdef ENABLE_PKCS11 | 79 | #ifdef ENABLE_PKCS11 |
| 80 | #include "ssh-pkcs11.h" | 80 | #include "ssh-pkcs11.h" |
| @@ -248,7 +248,7 @@ process_authentication_challenge1(SocketEntry *e) | |||
| 248 | Identity *id; | 248 | Identity *id; |
| 249 | int i, len; | 249 | int i, len; |
| 250 | Buffer msg; | 250 | Buffer msg; |
| 251 | MD5_CTX md; | 251 | struct ssh_digest_ctx *md; |
| 252 | Key *key; | 252 | Key *key; |
| 253 | 253 | ||
| 254 | buffer_init(&msg); | 254 | buffer_init(&msg); |
| @@ -284,10 +284,12 @@ process_authentication_challenge1(SocketEntry *e) | |||
| 284 | } | 284 | } |
| 285 | memset(buf, 0, 32); | 285 | memset(buf, 0, 32); |
| 286 | BN_bn2bin(challenge, buf + 32 - len); | 286 | BN_bn2bin(challenge, buf + 32 - len); |
| 287 | MD5_Init(&md); | 287 | if ((md = ssh_digest_start(SSH_DIGEST_MD5)) == NULL || |
| 288 | MD5_Update(&md, buf, 32); | 288 | ssh_digest_update(md, buf, 32) < 0 || |
| 289 | MD5_Update(&md, session_id, 16); | 289 | ssh_digest_update(md, session_id, 16) < 0 || |
| 290 | MD5_Final(mdbuf, &md); | 290 | ssh_digest_final(md, mdbuf, sizeof(mdbuf)) < 0) |
| 291 | fatal("%s: md5 failed", __func__); | ||
| 292 | ssh_digest_free(md); | ||
| 291 | 293 | ||
| 292 | /* Send the response. */ | 294 | /* Send the response. */ |
| 293 | buffer_put_char(&msg, SSH_AGENT_RSA_RESPONSE); | 295 | buffer_put_char(&msg, SSH_AGENT_RSA_RESPONSE); |
| @@ -552,7 +554,7 @@ process_lock_agent(SocketEntry *e, int lock) | |||
| 552 | passwd = buffer_get_string(&e->request, NULL); | 554 | passwd = buffer_get_string(&e->request, NULL); |
| 553 | if (locked && !lock && strcmp(passwd, lock_passwd) == 0) { | 555 | if (locked && !lock && strcmp(passwd, lock_passwd) == 0) { |
| 554 | locked = 0; | 556 | locked = 0; |
| 555 | memset(lock_passwd, 0, strlen(lock_passwd)); | 557 | explicit_bzero(lock_passwd, strlen(lock_passwd)); |
| 556 | free(lock_passwd); | 558 | free(lock_passwd); |
| 557 | lock_passwd = NULL; | 559 | lock_passwd = NULL; |
| 558 | success = 1; | 560 | success = 1; |
| @@ -561,7 +563,7 @@ process_lock_agent(SocketEntry *e, int lock) | |||
| 561 | lock_passwd = xstrdup(passwd); | 563 | lock_passwd = xstrdup(passwd); |
| 562 | success = 1; | 564 | success = 1; |
| 563 | } | 565 | } |
| 564 | memset(passwd, 0, strlen(passwd)); | 566 | explicit_bzero(passwd, strlen(passwd)); |
| 565 | free(passwd); | 567 | free(passwd); |
| 566 | 568 | ||
| 567 | buffer_put_int(&e->output, 1); | 569 | buffer_put_int(&e->output, 1); |