diff options
| author | Dag-Erling Smørgrav <des@FreeBSD.org> | 2014-03-25 11:05:34 +0000 |
|---|---|---|
| committer | Dag-Erling Smørgrav <des@FreeBSD.org> | 2014-03-25 11:05:34 +0000 |
| commit | b83788ff878a6b12efc40bed6f01048149338592 (patch) | |
| tree | 5f5bce301eb69c1bba7123161572915c7e55375b /crypto/openssh/cipher.c | |
| parent | fe47fb7b1c7155a1a947b6754b3a928aa0cda6e6 (diff) | |
| parent | 0c79dacc8a8d4de2455d61c51724866f667ba53c (diff) | |
| download | src-b83788ff878a6b12efc40bed6f01048149338592.tar.gz src-b83788ff878a6b12efc40bed6f01048149338592.zip | |
Upgrade to OpenSSH 6.6p1.
Notes
Notes:
svn path=/head/; revision=263712
Diffstat (limited to 'crypto/openssh/cipher.c')
| -rw-r--r-- | crypto/openssh/cipher.c | 22 |
1 files changed, 9 insertions, 13 deletions
diff --git a/crypto/openssh/cipher.c b/crypto/openssh/cipher.c index 6e4b9e298bf4..0f4bd48e60c9 100644 --- a/crypto/openssh/cipher.c +++ b/crypto/openssh/cipher.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher.c,v 1.94 2014/01/25 10:12:50 dtucker Exp $ */ +/* $OpenBSD: cipher.c,v 1.97 2014/02/07 06:55:54 djm Exp $ */ /* $FreeBSD$ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -41,8 +41,6 @@ __RCSID("$FreeBSD$"); #include <sys/types.h> -#include <openssl/md5.h> - #include <string.h> #include <stdarg.h> #include <stdio.h> @@ -51,6 +49,8 @@ __RCSID("$FreeBSD$"); #include "log.h" #include "misc.h" #include "cipher.h" +#include "buffer.h" +#include "digest.h" /* compatibility with old or broken OpenSSL versions */ #include "openbsd-compat/openssl-compat.h" @@ -235,8 +235,6 @@ ciphers_valid(const char *names) debug("bad cipher %s [%s]", p, names); free(cipher_list); return 0; - } else { - debug3("cipher ok: %s [%s]", p, names); } } debug3("ciphers ok: [%s]", names); @@ -344,7 +342,7 @@ cipher_init(CipherContext *cc, const Cipher *cipher, if (EVP_Cipher(&cc->evp, discard, junk, cipher->discard_len) == 0) fatal("evp_crypt: EVP_Cipher failed during discard"); - memset(discard, 0, cipher->discard_len); + explicit_bzero(discard, cipher->discard_len); free(junk); free(discard); } @@ -429,7 +427,7 @@ void cipher_cleanup(CipherContext *cc) { if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) - memset(&cc->cp_ctx, 0, sizeof(cc->cp_ctx)); + explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx)); else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0) error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed"); } @@ -443,17 +441,15 @@ void cipher_set_key_string(CipherContext *cc, const Cipher *cipher, const char *passphrase, int do_encrypt) { - MD5_CTX md; u_char digest[16]; - MD5_Init(&md); - MD5_Update(&md, (const u_char *)passphrase, strlen(passphrase)); - MD5_Final(digest, &md); + if (ssh_digest_memory(SSH_DIGEST_MD5, passphrase, strlen(passphrase), + digest, sizeof(digest)) < 0) + fatal("%s: md5 failed", __func__); cipher_init(cc, cipher, digest, 16, NULL, 0, do_encrypt); - memset(digest, 0, sizeof(digest)); - memset(&md, 0, sizeof(md)); + explicit_bzero(digest, sizeof(digest)); } /* |