author | Simo Sorce <simo@redhat.com> | 2018-10-03 09:14:45 -0400 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-03-07 12:02:23 +0100 |
commit | 449954d99afc2a2074c18f44d46f7f196d2be68c (patch) | |
tree | 48d02a74a995ceceb07c91d93b41e2e98baef71d /src | |
parent | 7c444c09d7bdba1f0409ea8f874ccd283f2daa52 (diff) | |
Fix crypto_free zeroing of encryption keys
The zeroing MUST use the correct cipher length as keys can be either
longer or shorter than the digest. In one case only some part of the key
may end up being zeroed, in the other memory corruption may happen as
we zero memory we do not own.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/wrapper.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/src/wrapper.c b/src/wrapper.c index e13b4c27..ca04f5b2 100644 --- a/src/wrapper.c +++ b/src/wrapper.c @@ -168,9 +168,6 @@ void crypto_free(struct ssh_crypto_struct *crypto) ssh_key_free(crypto->server_pubkey); - cipher_free(crypto->in_cipher); - cipher_free(crypto->out_cipher); - ssh_dh_cleanup(crypto); bignum_safe_free(crypto->k); #ifdef HAVE_ECDH @@ -211,14 +208,17 @@ void crypto_free(struct ssh_crypto_struct *crypto) SAFE_FREE(crypto->encryptMAC); SAFE_FREE(crypto->decryptMAC); if (crypto->encryptkey != NULL) { - explicit_bzero(crypto->encryptkey, crypto->digest_len); + explicit_bzero(crypto->encryptkey, crypto->out_cipher->keysize / 8); SAFE_FREE(crypto->encryptkey); } if (crypto->decryptkey != NULL) { - explicit_bzero(crypto->decryptkey, crypto->digest_len); + explicit_bzero(crypto->decryptkey, crypto->in_cipher->keysize / 8); SAFE_FREE(crypto->decryptkey); } + cipher_free(crypto->in_cipher); + cipher_free(crypto->out_cipher); + for (i = 0; i < SSH_KEX_METHODS; i++) { SAFE_FREE(crypto->client_kex.methods[i]); SAFE_FREE(crypto->server_kex.methods[i]); |
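Review bot: In the second hunk both `explicit_bzero` calls now dereference `crypto->out_cipher` and `crypto->in_cipher`, while the enclosing guards still test only `encryptkey` / `decryptkey` for NULL, so a struct freed with a key buffer set but no cipher attached would fault inside `crypto_free` before the key is wiped. Whether that state is reachable cannot be told from these hunks, and the wipe length is only correct if the buffers were allocated with exactly `keysize / 8` bytes, which has to be confirmed at the allocation site (not shown). Recording the allocated key length next to each key pointer and wiping with that value would remove both dependencies. Because the fix relies on `cipher_free` running after the wipe, a comment above the moved calls such as `/* must stay after the key wipe: it reads in_cipher/out_cipher->keysize */` would keep a later reorder from turning this into a use-after-free. `crypto_free` starts and ends outside both hunks.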