authorDag-Erling Smørgrav <des@FreeBSD.org>2014-03-22 15:23:38 +0000
committerDag-Erling Smørgrav <des@FreeBSD.org>2014-03-22 15:23:38 +0000
commit0c79dacc8a8d4de2455d61c51724866f667ba53c (patch)
tree5186034782b608fd13a7408b5852ad248f6bdc35 /cipher.c
parent02d4c2ac3daa0f36264392972709ccd7676ab3e8 (diff)
Notes
Diffstat (limited to 'cipher.c')
-rw-r--r--cipher.c22
1 files changed, 9 insertions, 13 deletions
diff --git a/cipher.c b/cipher.c
index 2476e6539d1c..53d9b4fb7131 100644
--- a/cipher.c
+++ b/cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.94 2014/01/25 10:12:50 dtucker Exp $ */
+/* $OpenBSD: cipher.c,v 1.97 2014/02/07 06:55:54 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -39,8 +39,6 @@
#include <sys/types.h>
-#include <openssl/md5.h>
-
#include <string.h>
#include <stdarg.h>
#include <stdio.h>
@@ -49,6 +47,8 @@
#include "log.h"
#include "misc.h"
#include "cipher.h"
+#include "buffer.h"
+#include "digest.h"
/* compatibility with old or broken OpenSSL versions */
#include "openbsd-compat/openssl-compat.h"
@@ -228,8 +228,6 @@ ciphers_valid(const char *names)
debug("bad cipher %s [%s]", p, names);
free(cipher_list);
return 0;
- } else {
- debug3("cipher ok: %s [%s]", p, names);
}
}
debug3("ciphers ok: [%s]", names);
@@ -337,7 +335,7 @@ cipher_init(CipherContext *cc, const Cipher *cipher,
if (EVP_Cipher(&cc->evp, discard, junk,
cipher->discard_len) == 0)
fatal("evp_crypt: EVP_Cipher failed during discard");
- memset(discard, 0, cipher->discard_len);
+ explicit_bzero(discard, cipher->discard_len);
free(junk);
free(discard);
}
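Review bot: The `explicit_bzero(discard, cipher->discard_len);` call carries no comment saying why it is not a plain `memset`, and that reason is easy to lose in a later cleanup. Since `discard` is freed two lines later, a `memset` there is a dead store the optimizer may drop, leaving the discarded cipher output in freed heap memory; I would add `/* explicit_bzero: a memset right before free() may be optimized away */` above the call. The same comment fits the `explicit_bzero` calls in the cipher_cleanup and cipher_set_key_string hunks. cipher_init begins and ends outside this hunk, so the allocation of `junk` and `discard` is not visible here.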
@@ -422,7 +420,7 @@ void
cipher_cleanup(CipherContext *cc)
{
if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
- memset(&cc->cp_ctx, 0, sizeof(cc->cp_ctx));
+ explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx));
else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0)
error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed");
}
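Review bot: `cc->cipher->flags` is dereferenced on the first line of cipher_cleanup with no check that `cc` or `cc->cipher` is set. The callers are not visible in this diff, so this needs confirming, but if any error path reaches cleanup on a context that cipher_init never filled in, the teardown crashes before the key state is wiped. A guard such as `if (cc == NULL || cc->cipher == NULL) return;` at the top would make the function safe to call unconditionally.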
@@ -436,17 +434,15 @@ void
cipher_set_key_string(CipherContext *cc, const Cipher *cipher,
const char *passphrase, int do_encrypt)
{
- MD5_CTX md;
u_char digest[16];
- MD5_Init(&md);
- MD5_Update(&md, (const u_char *)passphrase, strlen(passphrase));
- MD5_Final(digest, &md);
+ if (ssh_digest_memory(SSH_DIGEST_MD5, passphrase, strlen(passphrase),
+ digest, sizeof(digest)) < 0)
+ fatal("%s: md5 failed", __func__);
cipher_init(cc, cipher, digest, 16, NULL, 0, do_encrypt);
- memset(digest, 0, sizeof(digest));
- memset(&md, 0, sizeof(md));
+ explicit_bzero(digest, sizeof(digest));
}
/*
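Review bot: The key handed to cipher_init is a single unsalted MD5 of the passphrase, and nothing in the function says so or why; switching to `ssh_digest_memory` leaves that derivation unchanged. It has no work factor against offline passphrase guessing, so I would document it above the call, e.g. `/* key = MD5(passphrase), no salt or iteration; presumably kept for an existing on-disk format, do not reuse for new ones */` (the compatibility reason is my inference and should be confirmed). As a small style point, the length argument is the literal `16` while the surrounding lines use `sizeof(digest)`; `cipher_init(cc, cipher, digest, sizeof(digest), NULL, 0, do_encrypt);` keeps the three in step.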