aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSimo Sorce <simo@redhat.com>2018-10-03 09:14:45 -0400
committerAndreas Schneider <asn@cryptomilk.org>2019-03-07 12:02:23 +0100
commit449954d99afc2a2074c18f44d46f7f196d2be68c (patch)
tree48d02a74a995ceceb07c91d93b41e2e98baef71d
parent7c444c09d7bdba1f0409ea8f874ccd283f2daa52 (diff)
downloadlibssh-449954d99afc2a2074c18f44d46f7f196d2be68c.tar.gz
libssh-449954d99afc2a2074c18f44d46f7f196d2be68c.tar.xz
libssh-449954d99afc2a2074c18f44d46f7f196d2be68c.zip
Fix crypto_free zeroing of encryption keys
The zeroing MUST use the correct cipher length as keys can be both longer or shorter than the digest. In one case only some part of the key may end up being zeroed, in the other memory corruption may happen as we zero memory we do not own. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r--src/wrapper.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/src/wrapper.c b/src/wrapper.c
index e13b4c27..ca04f5b2 100644
--- a/src/wrapper.c
+++ b/src/wrapper.c
@@ -168,9 +168,6 @@ void crypto_free(struct ssh_crypto_struct *crypto)
ssh_key_free(crypto->server_pubkey);
- cipher_free(crypto->in_cipher);
- cipher_free(crypto->out_cipher);
-
ssh_dh_cleanup(crypto);
bignum_safe_free(crypto->k);
#ifdef HAVE_ECDH
@@ -211,14 +208,17 @@ void crypto_free(struct ssh_crypto_struct *crypto)
SAFE_FREE(crypto->encryptMAC);
SAFE_FREE(crypto->decryptMAC);
if (crypto->encryptkey != NULL) {
- explicit_bzero(crypto->encryptkey, crypto->digest_len);
+ explicit_bzero(crypto->encryptkey, crypto->out_cipher->keysize / 8);
SAFE_FREE(crypto->encryptkey);
}
if (crypto->decryptkey != NULL) {
- explicit_bzero(crypto->decryptkey, crypto->digest_len);
+ explicit_bzero(crypto->decryptkey, crypto->in_cipher->keysize / 8);
SAFE_FREE(crypto->decryptkey);
}
+ cipher_free(crypto->in_cipher);
+ cipher_free(crypto->out_cipher);
+
for (i = 0; i < SSH_KEX_METHODS; i++) {
SAFE_FREE(crypto->client_kex.methods[i]);
SAFE_FREE(crypto->server_kex.methods[i]);