summaryrefslogtreecommitdiff
path: root/sshconnect1.c
diff options
context:
space:
mode:
Diffstat (limited to 'sshconnect1.c')
-rw-r--r--sshconnect1.c37
1 files changed, 21 insertions, 16 deletions
diff --git a/sshconnect1.c b/sshconnect1.c
index 7bd6cb018..921408ec1 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshconnect1.c,v 1.72 2013/09/02 22:00:34 deraadt Exp $ */ 1/* $OpenBSD: sshconnect1.c,v 1.74 2014/02/02 03:44:32 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -19,7 +19,6 @@
19#include <sys/socket.h> 19#include <sys/socket.h>
20 20
21#include <openssl/bn.h> 21#include <openssl/bn.h>
22#include <openssl/md5.h>
23 22
24#include <stdarg.h> 23#include <stdarg.h>
25#include <stdio.h> 24#include <stdio.h>
@@ -47,6 +46,7 @@
47#include "canohost.h" 46#include "canohost.h"
48#include "hostfile.h" 47#include "hostfile.h"
49#include "auth.h" 48#include "auth.h"
49#include "digest.h"
50 50
51/* Session id for the current session. */ 51/* Session id for the current session. */
52u_char session_id[16]; 52u_char session_id[16];
@@ -120,7 +120,7 @@ try_agent_authentication(void)
120 * return a wrong value. 120 * return a wrong value.
121 */ 121 */
122 logit("Authentication agent failed to decrypt challenge."); 122 logit("Authentication agent failed to decrypt challenge.");
123 memset(response, 0, sizeof(response)); 123 explicit_bzero(response, sizeof(response));
124 } 124 }
125 key_free(key); 125 key_free(key);
126 debug("Sending response to RSA challenge."); 126 debug("Sending response to RSA challenge.");
@@ -161,7 +161,7 @@ static void
161respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv) 161respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv)
162{ 162{
163 u_char buf[32], response[16]; 163 u_char buf[32], response[16];
164 MD5_CTX md; 164 struct ssh_digest_ctx *md;
165 int i, len; 165 int i, len;
166 166
167 /* Decrypt the challenge using the private key. */ 167 /* Decrypt the challenge using the private key. */
@@ -179,10 +179,12 @@ respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv)
179 179
180 memset(buf, 0, sizeof(buf)); 180 memset(buf, 0, sizeof(buf));
181 BN_bn2bin(challenge, buf + sizeof(buf) - len); 181 BN_bn2bin(challenge, buf + sizeof(buf) - len);
182 MD5_Init(&md); 182 if ((md = ssh_digest_start(SSH_DIGEST_MD5)) == NULL ||
183 MD5_Update(&md, buf, 32); 183 ssh_digest_update(md, buf, 32) < 0 ||
184 MD5_Update(&md, session_id, 16); 184 ssh_digest_update(md, session_id, 16) < 0 ||
185 MD5_Final(response, &md); 185 ssh_digest_final(md, response, sizeof(response)) < 0)
186 fatal("%s: md5 failed", __func__);
187 ssh_digest_free(md);
186 188
187 debug("Sending response to host key RSA challenge."); 189 debug("Sending response to host key RSA challenge.");
188 190
@@ -193,9 +195,9 @@ respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv)
193 packet_send(); 195 packet_send();
194 packet_write_wait(); 196 packet_write_wait();
195 197
196 memset(buf, 0, sizeof(buf)); 198 explicit_bzero(buf, sizeof(buf));
197 memset(response, 0, sizeof(response)); 199 explicit_bzero(response, sizeof(response));
198 memset(&md, 0, sizeof(md)); 200 explicit_bzero(&md, sizeof(md));
199} 201}
200 202
201/* 203/*
@@ -269,7 +271,7 @@ try_rsa_authentication(int idx)
269 debug2("no passphrase given, try next key"); 271 debug2("no passphrase given, try next key");
270 quit = 1; 272 quit = 1;
271 } 273 }
272 memset(passphrase, 0, strlen(passphrase)); 274 explicit_bzero(passphrase, strlen(passphrase));
273 free(passphrase); 275 free(passphrase);
274 if (private != NULL || quit) 276 if (private != NULL || quit)
275 break; 277 break;
@@ -425,7 +427,7 @@ try_challenge_response_authentication(void)
425 } 427 }
426 packet_start(SSH_CMSG_AUTH_TIS_RESPONSE); 428 packet_start(SSH_CMSG_AUTH_TIS_RESPONSE);
427 ssh_put_password(response); 429 ssh_put_password(response);
428 memset(response, 0, strlen(response)); 430 explicit_bzero(response, strlen(response));
429 free(response); 431 free(response);
430 packet_send(); 432 packet_send();
431 packet_write_wait(); 433 packet_write_wait();
@@ -458,7 +460,7 @@ try_password_authentication(char *prompt)
458 password = read_passphrase(prompt, 0); 460 password = read_passphrase(prompt, 0);
459 packet_start(SSH_CMSG_AUTH_PASSWORD); 461 packet_start(SSH_CMSG_AUTH_PASSWORD);
460 ssh_put_password(password); 462 ssh_put_password(password);
461 memset(password, 0, strlen(password)); 463 explicit_bzero(password, strlen(password));
462 free(password); 464 free(password);
463 packet_send(); 465 packet_send();
464 packet_write_wait(); 466 packet_write_wait();
@@ -650,8 +652,11 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
650 /* Set the encryption key. */ 652 /* Set the encryption key. */
651 packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, options.cipher); 653 packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, options.cipher);
652 654
653 /* We will no longer need the session key here. Destroy any extra copies. */ 655 /*
654 memset(session_key, 0, sizeof(session_key)); 656 * We will no longer need the session key here.
657 * Destroy any extra copies.
658 */
659 explicit_bzero(session_key, sizeof(session_key));
655 660
656 /* 661 /*
657 * Expect a success message from the server. Note that this message 662 * Expect a success message from the server. Note that this message
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-26 18:02:30 +0000