1 files changed, 33 insertions, 20 deletions

diff --git a/sshd.c b/sshd.c
index 25380c911..7523de977 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.414 2014/01/09 23:26:48 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.420 2014/02/26 21:53:37 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -74,7 +74,6 @@
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
-#include <openssl/md5.h>
 #include <openssl/rand.h>
 #include "openbsd-compat/openssl-compat.h"
 
@@ -96,6 +95,7 @@
 #include "uidswap.h"
 #include "compat.h"
 #include "cipher.h"
+#include "digest.h"
 #include "key.h"
 #include "kex.h"
 #include "dh.h"
@@ -579,7 +579,7 @@ destroy_sensitive_data(void)
                 }
         }
         sensitive_data.ssh1_host_key = NULL;
-        memset(sensitive_data.ssh1_cookie, 0, SSH_SESSION_KEY_LENGTH);
+        explicit_bzero(sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH);
 }
 
 /* Demote private to public keys for network child */
@@ -618,10 +618,16 @@ privsep_preauth_child(void)
         /* Enable challenge-response authentication for privilege separation */
         privsep_challenge_enable();
 
+#ifdef GSSAPI
+        /* Cache supported mechanism OIDs for later use */
+        if (options.gss_authentication)
+                ssh_gssapi_prepare_supported_oids();
+#endif
+
         arc4random_stir();
         arc4random_buf(rnd, sizeof(rnd));
         RAND_seed(rnd, sizeof(rnd));
-        bzero(rnd, sizeof(rnd));
+        explicit_bzero(rnd, sizeof(rnd));
 
         /* Demote the private keys to public keys. */
         demote_sensitive_data();
@@ -756,7 +762,7 @@ privsep_postauth(Authctxt *authctxt)
         arc4random_stir();
         arc4random_buf(rnd, sizeof(rnd));
         RAND_seed(rnd, sizeof(rnd));
-        bzero(rnd, sizeof(rnd));
+        explicit_bzero(rnd, sizeof(rnd));
 
         /* Drop privileges */
         do_setusercontext(authctxt->pw);
@@ -1355,7 +1361,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
                         arc4random_stir();
                         arc4random_buf(rnd, sizeof(rnd));
                         RAND_seed(rnd, sizeof(rnd));
-                        bzero(rnd, sizeof(rnd));
+                        explicit_bzero(rnd, sizeof(rnd));
                 }
 
                 /* child process check (or debug mode) */
@@ -1657,7 +1663,8 @@ main(int ac, char **av)
                         fatal("Privilege separation user %s does not exist",
                             SSH_PRIVSEP_USER);
         } else {
-                memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd));
+                explicit_bzero(privsep_pw->pw_passwd,
+                    strlen(privsep_pw->pw_passwd));
                 privsep_pw = pwcopy(privsep_pw);
                 free(privsep_pw->pw_passwd);
                 privsep_pw->pw_passwd = xstrdup("*");
@@ -2341,7 +2348,7 @@ do_ssh1_kex(void)
                             get_remote_ipaddr(), len, (u_long)sizeof(session_key));
                         rsafail++;
                 } else {
-                        memset(session_key, 0, sizeof(session_key));
+                        explicit_bzero(session_key, sizeof(session_key));
                         BN_bn2bin(session_key_int,
                             session_key + sizeof(session_key) - len);
 
@@ -2360,20 +2367,26 @@ do_ssh1_kex(void)
         if (rsafail) {
                 int bytes = BN_num_bytes(session_key_int);
                 u_char *buf = xmalloc(bytes);
-                MD5_CTX md;
+                struct ssh_digest_ctx *md;
 
                 logit("do_connection: generating a fake encryption key");
                 BN_bn2bin(session_key_int, buf);
-                MD5_Init(&md);
-                MD5_Update(&md, buf, bytes);
-                MD5_Update(&md, sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH);
-                MD5_Final(session_key, &md);
-                MD5_Init(&md);
-                MD5_Update(&md, session_key, 16);
-                MD5_Update(&md, buf, bytes);
-                MD5_Update(&md, sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH);
-                MD5_Final(session_key + 16, &md);
-                memset(buf, 0, bytes);
+                if ((md = ssh_digest_start(SSH_DIGEST_MD5)) == NULL ||
+                    ssh_digest_update(md, buf, bytes) < 0 ||
+                    ssh_digest_update(md, sensitive_data.ssh1_cookie,
+                    SSH_SESSION_KEY_LENGTH) < 0 ||
+                    ssh_digest_final(md, session_key, sizeof(session_key)) < 0)
+                        fatal("%s: md5 failed", __func__);
+                ssh_digest_free(md);
+                if ((md = ssh_digest_start(SSH_DIGEST_MD5)) == NULL ||
+                    ssh_digest_update(md, session_key, 16) < 0 ||
+                    ssh_digest_update(md, sensitive_data.ssh1_cookie,
+                    SSH_SESSION_KEY_LENGTH) < 0 ||
+                    ssh_digest_final(md, session_key + 16,
+                    sizeof(session_key) - 16) < 0)
+                        fatal("%s: md5 failed", __func__);
+                ssh_digest_free(md);
+                explicit_bzero(buf, bytes);
                 free(buf);
                 for (i = 0; i < 16; i++)
                         session_id[i] = session_key[i] ^ session_key[i + 16];
@@ -2391,7 +2404,7 @@ do_ssh1_kex(void)
         packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, cipher_type);
 
         /* Destroy our copy of the session key.  It is no longer needed. */
-        memset(session_key, 0, sizeof(session_key));
+        explicit_bzero(session_key, sizeof(session_key));
 
         debug("Received session key; encryption turned on.");