author | 2000-01-16 23:53:02 +0000 | |
---|---|---|
committer | 2000-01-16 23:53:02 +0000 | |
commit | b49120b0849da948f02d39fe7df96dec56d7d013 (patch) | |
tree | aa850b5007932bc3cc532d9b87914aa9bc9bb24d | |
parent | VIAO -> VAIO (diff) | |
destroy keys earlier
-rw-r--r-- | usr.bin/ssh/sshconnect.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c
index f16e2b32dab..22bbc64f166 100644
--- a/usr.bin/ssh/sshconnect.c
+++ b/usr.bin/ssh/sshconnect.c
@@ -8,7 +8,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.51 2000/01/16 23:03:10 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.52 2000/01/16 23:53:02 markus Exp $");
 #include <ssl/bn.h>
 #include "xmalloc.h"
@@ -1406,6 +1406,10 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
 rsa_public_encrypt(key, key, public_key);
 }
+ /* Destroy the public keys since we no longer need them. */
+ RSA_free(public_key);
+ RSA_free(host_key);
+
 if (options.cipher == SSH_CIPHER_NOT_SET) {
 if (cipher_mask() & supported_ciphers & (1 << ssh_cipher_default))
 options.cipher = ssh_cipher_default;
@@ -1431,8 +1435,9 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
 for (i = 0; i < 8; i++)
 packet_put_char(cookie[i]);
- /* Send the encrypted encryption key. */
+ /* Send and destroy the encrypted encryption key integer. */
 packet_put_bignum(key);
+ BN_clear_free(key);
 /* Send protocol flags. */
 packet_put_int(client_flags);
@@ -1441,11 +1446,6 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
 packet_send();
 packet_write_wait();
- /* Destroy the session key integer and the public keys since we no longer need them. */
- BN_clear_free(key);
- RSA_free(public_key);
- RSA_free(host_key);
-
 debug("Sent encrypted session key.");
 /* Set the encryption key. */ |
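Review bot: After the two `RSA_free()` calls added in the second hunk, `public_key` and `host_key` are left dangling while the rest of ssh_kex still runs (cipher selection, packet construction and the send all follow). Nothing on the new side of the visible hunks reads them again, but the function body starts and ends outside these hunks, so that cannot be confirmed from here. Setting them to NULL right after the free, `public_key = NULL; host_key = NULL;`, would turn any later stale use into an immediate fault instead of a use-after-free. The same applies to `key` after the `BN_clear_free(key)` added in the third hunk.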
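Review bot: The `BN_clear_free(key)` added in the third hunk scrubs only the bignum, which by this point holds the RSA-encrypted value from the `rsa_public_encrypt(key, key, public_key)` call seen in the second hunk. Because that call passes `key` as both output and input, the object presumably carried the unencrypted value earlier, so clearing rather than plainly freeing it is the right choice and deserves a comment such as `/* key is ciphertext by now, but it held the plaintext value before encryption; clear, don't just free. */`. What this change does not cover is whatever buffer holds the plaintext session key for the "Set the encryption key" step after the send. That code lies outside the hunks shown, so it is worth confirming the buffer is zeroed once the key has been installed.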