Diffstat (limited to 'ssh-agent.c')
| -rw-r--r-- | ssh-agent.c | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/ssh-agent.c b/ssh-agent.c
index 95117e0764dd9..ba2461211b023 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.181 2013/12/19 01:19:41 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.183 2014/02/02 03:44:31 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -50,7 +50,6 @@
 #include "openbsd-compat/sys-queue.h"
 #include <openssl/evp.h>
-#include <openssl/md5.h>
 #include "openbsd-compat/openssl-compat.h"
 #include <errno.h>
@@ -75,6 +74,7 @@
 #include "compat.h"
 #include "log.h"
 #include "misc.h"
+#include "digest.h"
 #ifdef ENABLE_PKCS11
 #include "ssh-pkcs11.h"
@@ -248,7 +248,7 @@ process_authentication_challenge1(SocketEntry *e)
 Identity *id;
 int i, len;
 Buffer msg;
- MD5_CTX md;
+ struct ssh_digest_ctx *md;
 Key *key;
 buffer_init(&msg);
@@ -284,10 +284,12 @@ process_authentication_challenge1(SocketEntry *e)
 }
 memset(buf, 0, 32);
 BN_bn2bin(challenge, buf + 32 - len);
- MD5_Init(&md);
- MD5_Update(&md, buf, 32);
- MD5_Update(&md, session_id, 16);
- MD5_Final(mdbuf, &md);
+ if ((md = ssh_digest_start(SSH_DIGEST_MD5)) == NULL ||
+ ssh_digest_update(md, buf, 32) < 0 ||
+ ssh_digest_update(md, session_id, 16) < 0 ||
+ ssh_digest_final(md, mdbuf, sizeof(mdbuf)) < 0)
+ fatal("%s: md5 failed", __func__);
+ ssh_digest_free(md);
 /* Send the response. */
 buffer_put_char(&msg, SSH_AGENT_RSA_RESPONSE);
@@ -552,7 +554,7 @@ process_lock_agent(SocketEntry *e, int lock)
 passwd = buffer_get_string(&e->request, NULL);
 if (locked && !lock && strcmp(passwd, lock_passwd) == 0) {
 locked = 0;
- memset(lock_passwd, 0, strlen(lock_passwd));
+ explicit_bzero(lock_passwd, strlen(lock_passwd));
 free(lock_passwd);
 lock_passwd = NULL;
 success = 1;
@@ -561,7 +563,7 @@ process_lock_agent(SocketEntry *e, int lock)
 lock_passwd = xstrdup(passwd);
 success = 1;
 }
- memset(passwd, 0, strlen(passwd));
+ explicit_bzero(passwd, strlen(passwd));
 free(passwd);
 buffer_put_int(&e->output, 1);
|
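Review bot: After `ssh_digest_free(md);` nothing in this hunk wipes `buf`, which at that point still holds the decrypted challenge written by `BN_bn2bin(challenge, buf + 32 - len)`. Since the same commit moves the lock-password wipes to `explicit_bzero`, I would add `explicit_bzero(buf, sizeof(buf));` once the digest is finalised (using `sizeof` assumes `buf` is a local array, which the hunk does not show). The new code also mixes `sizeof(mdbuf)` with the bare literals `32` and `16`; using `sizeof` for all three lengths would keep them tied to the declarations. process_authentication_challenge1 continues outside the hunk, so a later wipe may already exist.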
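Review bot: The unlock check `strcmp(passwd, lock_passwd) == 0` in the context lines of this hunk stops at the first differing byte, so its running time depends on how much of the submitted value matches the stored lock password. The commit hardens the wipe but leaves the comparison as it was; comparing fixed-length digests of both strings with `timingsafe_bcmp` would remove that dependence, and would also mean `lock_passwd` need not hold the plaintext for as long as the agent stays locked. Nothing visible here slows or limits repeated failed unlock requests either, though that may be handled elsewhere. process_lock_agent starts and ends outside the hunk.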
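Review bot: `explicit_bzero(passwd, strlen(passwd));` clears only up to the first NUL byte, while `passwd` comes from `buffer_get_string(&e->request, NULL)` in the previous hunk, which discards the real length. If that helper accepts strings with embedded NULs (it looks length-prefixed, but confirm), the tail of the allocation is freed unwiped; declaring `u_int plen;`, reading with `passwd = buffer_get_string(&e->request, &plen);` and wiping with `explicit_bzero(passwd, plen);` closes that. The copy of the password still held in `e->request` is likewise not cleared in the visible lines. The function continues outside the hunk.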
