- markus@cvs.openbsd.org 2001/12/27 18:26:13
[authfile.c]
missing include
+ - markus@cvs.openbsd.org 2001/12/27 19:37:23
+ [dh.c kexdh.c kexgex.c]
+ always use BN_clear_free instead of BN_free
20020121
- (djm) Rework ssh-rand-helper:
*/
#include "includes.h"
-RCSID("$OpenBSD: dh.c,v 1.18 2001/12/27 18:22:16 markus Exp $");
+RCSID("$OpenBSD: dh.c,v 1.19 2001/12/27 19:37:22 markus Exp $");
#include "xmalloc.h"
return (1);
failclean:
- BN_free(dhg->g);
- BN_free(dhg->p);
+ BN_clear_free(dhg->g);
+ BN_clear_free(dhg->p);
fail:
error("Bad prime description in line %d", linenum);
return (0);
linenum++;
if (!parse_prime(linenum, line, &dhg))
continue;
- BN_free(dhg.g);
- BN_free(dhg.p);
+ BN_clear_free(dhg.g);
+ BN_clear_free(dhg.p);
if (dhg.size > max || dhg.size < min)
continue;
if ((dhg.size > max || dhg.size < min) ||
dhg.size != best ||
linenum++ != which) {
- BN_free(dhg.g);
- BN_free(dhg.p);
+ BN_clear_free(dhg.g);
+ BN_clear_free(dhg.p);
continue;
}
break;
BN_num_bits(dh->p), 2*need);
do {
if (dh->priv_key != NULL)
- BN_free(dh->priv_key);
+ BN_clear_free(dh->priv_key);
if ((dh->priv_key = BN_new()) == NULL)
fatal("dh_gen_key: BN_new failed");
/* generate a 2*need bits random private exponent */
*/
#include "includes.h"
-RCSID("$OpenBSD: kexdh.c,v 1.8 2001/12/27 18:22:16 markus Exp $");
+RCSID("$OpenBSD: kexdh.c,v 1.9 2001/12/27 19:37:22 markus Exp $");
#include <openssl/crypto.h>
#include <openssl/bn.h>
shared_secret
);
xfree(server_host_key_blob);
- BN_free(dh_server_pub);
+ BN_clear_free(dh_server_pub);
DH_free(dh);
if (key_verify(server_host_key, signature, slen, hash, 20) != 1)
dh->pub_key,
shared_secret
);
- BN_free(dh_client_pub);
+ BN_clear_free(dh_client_pub);
/* save session id := H */
/* XXX hashlen depends on KEX */
*/
#include "includes.h"
-RCSID("$OpenBSD: kexgex.c,v 1.11 2001/12/27 18:22:16 markus Exp $");
+RCSID("$OpenBSD: kexgex.c,v 1.12 2001/12/27 19:37:23 markus Exp $");
#include <openssl/bn.h>
/* have keys, free DH */
DH_free(dh);
xfree(server_host_key_blob);
- BN_free(dh_server_pub);
+ BN_clear_free(dh_server_pub);
if (key_verify(server_host_key, signature, slen, hash, 20) != 1)
fatal("key_verify failed for server_host_key");
dh->pub_key,
shared_secret
);
- BN_free(dh_client_pub);
+ BN_clear_free(dh_client_pub);
/* save session id := H */
/* XXX hashlen depends on KEX */