diff options
author | Jean-Philippe Garcia Ballester <giga@le-pec.org> | 2006-03-01 16:32:22 +0000 |
---|---|---|
committer | Jean-Philippe Garcia Ballester <giga@le-pec.org> | 2006-03-01 16:32:22 +0000 |
commit | 770e73d8b7d0ca1e3fd8faab08cb88307d1b1c99 (patch) | |
tree | 22b77de706cd0e0506159db40be970f949bc17bb /libssh | |
parent | 10b1a631e8794932a57c84b41a6bf3870416a4cd (diff) | |
download | libssh-770e73d8b7d0ca1e3fd8faab08cb88307d1b1c99.tar.gz libssh-770e73d8b7d0ca1e3fd8faab08cb88307d1b1c99.tar.xz libssh-770e73d8b7d0ca1e3fd8faab08cb88307d1b1c99.zip |
keyfiles.c and wrapper.c: Remove useless secure memory flag (for libgcrypt)
dh.c: Initialize libgcrypt only if not done before
client.c: Remove cleanup of cryptograhpic library. This needs to be put
somewhere, like in a crypto_finish function or something.
git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/libssh/trunk@70 7dcaeef0-15fb-0310-b436-a5af3365683c
Diffstat (limited to 'libssh')
-rw-r--r-- | libssh/client.c | 8 | ||||
-rw-r--r-- | libssh/crypt.c | 2 | ||||
-rw-r--r-- | libssh/dh.c | 23 | ||||
-rw-r--r-- | libssh/keyfiles.c | 2 | ||||
-rw-r--r-- | libssh/wrapper.c | 24 |
5 files changed, 23 insertions, 36 deletions
diff --git a/libssh/client.c b/libssh/client.c index 437edfd2..bfb52f3d 100644 --- a/libssh/client.c +++ b/libssh/client.c @@ -20,13 +20,11 @@ the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include <stdio.h> -#include <unistd.h> #include <stdlib.h> #include <string.h> #include <netdb.h> #include "libssh/priv.h" #include "libssh/ssh2.h" -extern int connections; #define set_status(opt,status) do {\ if (opt->connect_status_function) \ @@ -316,12 +314,6 @@ void ssh_disconnect(SSH_SESSION *session){ } session->alive=0; ssh_cleanup(session); - if (!--connections) -#ifdef HAVE_LIBGCRYPT - gcry_control(GCRYCTL_TERM_SECMEM); -#elif defined HAVE_LIBCRYPTO - EVP_cleanup(); -#endif } const char *ssh_copyright(){ diff --git a/libssh/crypt.c b/libssh/crypt.c index 22e7a3f1..bb3bb4e9 100644 --- a/libssh/crypt.c +++ b/libssh/crypt.c @@ -78,7 +78,7 @@ unsigned char * packet_encrypt(SSH_SESSION *session,void *data,u32 len){ #endif out=malloc(len); if(session->version==2){ - ctx=hmac_init(session->current_crypto->encryptMAC,20,HMAC_SHA1); + ctx=hmac_init(session->current_crypto->encryptMAC,20,HMAC_SHA1); hmac_update(ctx,(unsigned char *)&seq,sizeof(u32)); hmac_update(ctx,data,len); hmac_final(ctx,session->current_crypto->hmacbuf,&finallen); diff --git a/libssh/dh.c b/libssh/dh.c index 89fda259..cbf143c0 100644 --- a/libssh/dh.c +++ b/libssh/dh.c @@ -37,9 +37,9 @@ MA 02111-1307, USA. */ #include <stdio.h> #include <stdlib.h> -#include <unistd.h> -#include <fcntl.h> #include <netdb.h> +#include <string.h> +#include "libssh/crypto.h" #include "libssh/priv.h" #ifdef HAVE_LIBCRYPTO @@ -47,8 +47,7 @@ MA 02111-1307, USA. */ #include <openssl/evp.h> #include <openssl/err.h> #endif -#include <string.h> -#include "libssh/crypto.h" + static unsigned char p_value[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, @@ -67,8 +66,6 @@ static unsigned long g_int = 2 ; /* G is defined as 2 by the ssh2 standards */ static bignum g; static bignum p; -int connections = 0; - /* maybe it might be enhanced .... */ /* XXX Do it. */ int ssh_get_random(void *where, int len, int strong){ @@ -93,6 +90,11 @@ void ssh_crypto_init(){ if(!init){ #ifdef HAVE_LIBGCRYPT gcry_check_version(NULL); + if (!gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P,0)) + { + gcry_control(GCRYCTL_INIT_SECMEM, 4096); + gcry_control(GCRYCTL_INITIALIZATION_FINISHED,0); + } #endif g=bignum_new(); bignum_set_word(g,g_int); @@ -101,16 +103,9 @@ void ssh_crypto_init(){ #elif defined HAVE_LIBCRYPTO p=bignum_new(); bignum_bin2bn(p_value,P_LEN,p); -#endif - init++; - } - if (!connections++){ -#ifdef HAVE_LIBGCRYPT - gcry_control(GCRYCTL_INIT_SECMEM,524288,0); - gcry_control(GCRYCTL_INITIALIZATION_FINISHED,0); -#elif defined HAVE_LIBCRYPTO OpenSSL_add_all_algorithms(); #endif + init++; } } diff --git a/libssh/keyfiles.c b/libssh/keyfiles.c index ee0b3ec4..b96cc63e 100644 --- a/libssh/keyfiles.c +++ b/libssh/keyfiles.c @@ -208,7 +208,7 @@ int privatekey_decrypt(int algo, int mode, unsigned int key_len, if (passphrase_len <= 0) return 0; passphrase_to_key(passphrase, passphrase_len, iv, key, key_len); - if (gcry_cipher_open(&cipher, algo, mode, GCRY_CIPHER_SECURE) + if (gcry_cipher_open(&cipher, algo, mode, 0) || gcry_cipher_setkey(cipher, key, key_len) || gcry_cipher_setiv(cipher, iv, iv_len) || !(tmp = malloc(buffer_get_len(data) * sizeof (char))) diff --git a/libssh/wrapper.c b/libssh/wrapper.c index a731d1e8..acbcfc2d 100644 --- a/libssh/wrapper.c +++ b/libssh/wrapper.c @@ -35,7 +35,7 @@ MA 02111-1307, USA. */ SHACTX sha1_init(){ SHACTX ret; - gcry_md_open(&ret,GCRY_MD_SHA1,GCRY_MD_FLAG_SECURE); + gcry_md_open(&ret,GCRY_MD_SHA1,0); return ret; } void sha1_update(SHACTX c, const void *data, unsigned long len){ @@ -52,7 +52,7 @@ void sha1(unsigned char *digest,int len,unsigned char *hash){ MD5CTX md5_init(){ MD5CTX ret; - gcry_md_open(&ret,GCRY_MD_MD5,GCRY_MD_FLAG_SECURE); + gcry_md_open(&ret,GCRY_MD_MD5,0); return ret; } void md5_update(MD5CTX c, const void *data, unsigned long len){ @@ -68,10 +68,10 @@ HMACCTX hmac_init(const void *key, int len,int type){ HMACCTX c; switch(type){ case HMAC_SHA1: - gcry_md_open(&c,GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC | GCRY_MD_FLAG_SECURE); + gcry_md_open(&c,GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC); break; case HMAC_MD5: - gcry_md_open(&c,GCRY_MD_MD5, GCRY_MD_FLAG_HMAC | GCRY_MD_FLAG_SECURE); + gcry_md_open(&c,GCRY_MD_MD5, GCRY_MD_FLAG_HMAC); break; default: c=NULL; @@ -97,7 +97,7 @@ static void alloc_key(struct crypto_struct *cipher){ static void blowfish_set_key(struct crypto_struct *cipher, void *key, void *IV){ if(!cipher->key){ alloc_key(cipher); - gcry_cipher_open(&cipher->key[0],GCRY_CIPHER_BLOWFISH,GCRY_CIPHER_MODE_CBC,GCRY_CIPHER_SECURE); + gcry_cipher_open(&cipher->key[0],GCRY_CIPHER_BLOWFISH,GCRY_CIPHER_MODE_CBC,0); gcry_cipher_setkey(cipher->key[0],key,16); gcry_cipher_setiv(cipher->key[0],IV,8); } @@ -116,13 +116,13 @@ static void aes_set_key(struct crypto_struct *cipher, void *key, void *IV){ alloc_key(cipher); switch(cipher->keysize){ case 128: - gcry_cipher_open(&cipher->key[0],GCRY_CIPHER_AES128,GCRY_CIPHER_MODE_CBC,GCRY_CIPHER_SECURE); + gcry_cipher_open(&cipher->key[0],GCRY_CIPHER_AES128,GCRY_CIPHER_MODE_CBC,0); break; case 192: - gcry_cipher_open(&cipher->key[0],GCRY_CIPHER_AES192,GCRY_CIPHER_MODE_CBC,GCRY_CIPHER_SECURE); + gcry_cipher_open(&cipher->key[0],GCRY_CIPHER_AES192,GCRY_CIPHER_MODE_CBC,0); break; case 256: - gcry_cipher_open(&cipher->key[0],GCRY_CIPHER_AES256,GCRY_CIPHER_MODE_CBC,GCRY_CIPHER_SECURE); + gcry_cipher_open(&cipher->key[0],GCRY_CIPHER_AES256,GCRY_CIPHER_MODE_CBC,0); break; } gcry_cipher_setkey(cipher->key[0],key,cipher->keysize/8); @@ -141,7 +141,7 @@ static void aes_decrypt(struct crypto_struct *cipher, void *in, void *out,unsign static void des3_set_key(struct crypto_struct *cipher, void *key, void *IV){ if(!cipher->key){ alloc_key(cipher); - gcry_cipher_open(&cipher->key[0],GCRY_CIPHER_3DES,GCRY_CIPHER_MODE_CBC,GCRY_CIPHER_SECURE); + gcry_cipher_open(&cipher->key[0],GCRY_CIPHER_3DES,GCRY_CIPHER_MODE_CBC,0); gcry_cipher_setkey(cipher->key[0],key,24); gcry_cipher_setiv(cipher->key[0],IV,8); } @@ -160,13 +160,13 @@ static void des3_decrypt(struct crypto_struct *cipher, void *in, void *out, static void des3_1_set_key(struct crypto_struct *cipher, void *key, void *IV){ if(!cipher->key){ alloc_key(cipher); - gcry_cipher_open(&cipher->key[0],GCRY_CIPHER_DES,GCRY_CIPHER_MODE_CBC,GCRY_CIPHER_SECURE); + gcry_cipher_open(&cipher->key[0],GCRY_CIPHER_DES,GCRY_CIPHER_MODE_CBC,0); gcry_cipher_setkey(cipher->key[0],key,8); gcry_cipher_setiv(cipher->key[0],IV,8); - gcry_cipher_open(&cipher->key[1],GCRY_CIPHER_DES,GCRY_CIPHER_MODE_CBC,GCRY_CIPHER_SECURE); + gcry_cipher_open(&cipher->key[1],GCRY_CIPHER_DES,GCRY_CIPHER_MODE_CBC,0); gcry_cipher_setkey(cipher->key[1],key+8,8); gcry_cipher_setiv(cipher->key[1],IV+8,8); - gcry_cipher_open(&cipher->key[2],GCRY_CIPHER_DES,GCRY_CIPHER_MODE_CBC,GCRY_CIPHER_SECURE); + gcry_cipher_open(&cipher->key[2],GCRY_CIPHER_DES,GCRY_CIPHER_MODE_CBC,0); gcry_cipher_setkey(cipher->key[2],key+16,8); gcry_cipher_setiv(cipher->key[2],IV+16,8); } |