diff options
Diffstat (limited to 'sshconnect1.c')
-rw-r--r-- | sshconnect1.c | 37 |
1 files changed, 21 insertions, 16 deletions
diff --git a/sshconnect1.c b/sshconnect1.c index 7bd6cb018..921408ec1 100644 --- a/sshconnect1.c +++ b/sshconnect1.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshconnect1.c,v 1.72 2013/09/02 22:00:34 deraadt Exp $ */ | 1 | /* $OpenBSD: sshconnect1.c,v 1.74 2014/02/02 03:44:32 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -19,7 +19,6 @@ | |||
19 | #include <sys/socket.h> | 19 | #include <sys/socket.h> |
20 | 20 | ||
21 | #include <openssl/bn.h> | 21 | #include <openssl/bn.h> |
22 | #include <openssl/md5.h> | ||
23 | 22 | ||
24 | #include <stdarg.h> | 23 | #include <stdarg.h> |
25 | #include <stdio.h> | 24 | #include <stdio.h> |
@@ -47,6 +46,7 @@ | |||
47 | #include "canohost.h" | 46 | #include "canohost.h" |
48 | #include "hostfile.h" | 47 | #include "hostfile.h" |
49 | #include "auth.h" | 48 | #include "auth.h" |
49 | #include "digest.h" | ||
50 | 50 | ||
51 | /* Session id for the current session. */ | 51 | /* Session id for the current session. */ |
52 | u_char session_id[16]; | 52 | u_char session_id[16]; |
@@ -120,7 +120,7 @@ try_agent_authentication(void) | |||
120 | * return a wrong value. | 120 | * return a wrong value. |
121 | */ | 121 | */ |
122 | logit("Authentication agent failed to decrypt challenge."); | 122 | logit("Authentication agent failed to decrypt challenge."); |
123 | memset(response, 0, sizeof(response)); | 123 | explicit_bzero(response, sizeof(response)); |
124 | } | 124 | } |
125 | key_free(key); | 125 | key_free(key); |
126 | debug("Sending response to RSA challenge."); | 126 | debug("Sending response to RSA challenge."); |
@@ -161,7 +161,7 @@ static void | |||
161 | respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv) | 161 | respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv) |
162 | { | 162 | { |
163 | u_char buf[32], response[16]; | 163 | u_char buf[32], response[16]; |
164 | MD5_CTX md; | 164 | struct ssh_digest_ctx *md; |
165 | int i, len; | 165 | int i, len; |
166 | 166 | ||
167 | /* Decrypt the challenge using the private key. */ | 167 | /* Decrypt the challenge using the private key. */ |
@@ -179,10 +179,12 @@ respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv) | |||
179 | 179 | ||
180 | memset(buf, 0, sizeof(buf)); | 180 | memset(buf, 0, sizeof(buf)); |
181 | BN_bn2bin(challenge, buf + sizeof(buf) - len); | 181 | BN_bn2bin(challenge, buf + sizeof(buf) - len); |
182 | MD5_Init(&md); | 182 | if ((md = ssh_digest_start(SSH_DIGEST_MD5)) == NULL || |
183 | MD5_Update(&md, buf, 32); | 183 | ssh_digest_update(md, buf, 32) < 0 || |
184 | MD5_Update(&md, session_id, 16); | 184 | ssh_digest_update(md, session_id, 16) < 0 || |
185 | MD5_Final(response, &md); | 185 | ssh_digest_final(md, response, sizeof(response)) < 0) |
186 | fatal("%s: md5 failed", __func__); | ||
187 | ssh_digest_free(md); | ||
186 | 188 | ||
187 | debug("Sending response to host key RSA challenge."); | 189 | debug("Sending response to host key RSA challenge."); |
188 | 190 | ||
@@ -193,9 +195,9 @@ respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv) | |||
193 | packet_send(); | 195 | packet_send(); |
194 | packet_write_wait(); | 196 | packet_write_wait(); |
195 | 197 | ||
196 | memset(buf, 0, sizeof(buf)); | 198 | explicit_bzero(buf, sizeof(buf)); |
197 | memset(response, 0, sizeof(response)); | 199 | explicit_bzero(response, sizeof(response)); |
198 | memset(&md, 0, sizeof(md)); | 200 | explicit_bzero(&md, sizeof(md)); |
199 | } | 201 | } |
200 | 202 | ||
201 | /* | 203 | /* |
@@ -269,7 +271,7 @@ try_rsa_authentication(int idx) | |||
269 | debug2("no passphrase given, try next key"); | 271 | debug2("no passphrase given, try next key"); |
270 | quit = 1; | 272 | quit = 1; |
271 | } | 273 | } |
272 | memset(passphrase, 0, strlen(passphrase)); | 274 | explicit_bzero(passphrase, strlen(passphrase)); |
273 | free(passphrase); | 275 | free(passphrase); |
274 | if (private != NULL || quit) | 276 | if (private != NULL || quit) |
275 | break; | 277 | break; |
@@ -425,7 +427,7 @@ try_challenge_response_authentication(void) | |||
425 | } | 427 | } |
426 | packet_start(SSH_CMSG_AUTH_TIS_RESPONSE); | 428 | packet_start(SSH_CMSG_AUTH_TIS_RESPONSE); |
427 | ssh_put_password(response); | 429 | ssh_put_password(response); |
428 | memset(response, 0, strlen(response)); | 430 | explicit_bzero(response, strlen(response)); |
429 | free(response); | 431 | free(response); |
430 | packet_send(); | 432 | packet_send(); |
431 | packet_write_wait(); | 433 | packet_write_wait(); |
@@ -458,7 +460,7 @@ try_password_authentication(char *prompt) | |||
458 | password = read_passphrase(prompt, 0); | 460 | password = read_passphrase(prompt, 0); |
459 | packet_start(SSH_CMSG_AUTH_PASSWORD); | 461 | packet_start(SSH_CMSG_AUTH_PASSWORD); |
460 | ssh_put_password(password); | 462 | ssh_put_password(password); |
461 | memset(password, 0, strlen(password)); | 463 | explicit_bzero(password, strlen(password)); |
462 | free(password); | 464 | free(password); |
463 | packet_send(); | 465 | packet_send(); |
464 | packet_write_wait(); | 466 | packet_write_wait(); |
@@ -650,8 +652,11 @@ ssh_kex(char *host, struct sockaddr *hostaddr) | |||
650 | /* Set the encryption key. */ | 652 | /* Set the encryption key. */ |
651 | packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, options.cipher); | 653 | packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, options.cipher); |
652 | 654 | ||
653 | /* We will no longer need the session key here. Destroy any extra copies. */ | 655 | /* |
654 | memset(session_key, 0, sizeof(session_key)); | 656 | * We will no longer need the session key here. |
657 | * Destroy any extra copies. | ||
658 | */ | ||
659 | explicit_bzero(session_key, sizeof(session_key)); | ||
655 | 660 | ||
656 | /* | 661 | /* |
657 | * Expect a success message from the server. Note that this message | 662 | * Expect a success message from the server. Note that this message |