summaryrefslogtreecommitdiff
path: root/usr.bin/ssh/sshconnect.c
diff options
context:
space:
mode:
authorMarkus Friedl <markus@cvs.openbsd.org>2000-01-16 23:53:03 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2000-01-16 23:53:03 +0000
commit4cc0f9f6e6ba6c9e4861eebb148cd4dab4395086 (patch)
treeb6da1129d5c8b522811926bf4c1f24c78dadcc71 /usr.bin/ssh/sshconnect.c
parente48256b1f3b7eb1db101358d309025e723b654ad (diff)
destroy keys earlier
Diffstat (limited to 'usr.bin/ssh/sshconnect.c')
-rw-r--r--usr.bin/ssh/sshconnect.c14
1 files changed, 7 insertions, 7 deletions
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c
index f16e2b32dab..22bbc64f166 100644
--- a/usr.bin/ssh/sshconnect.c
+++ b/usr.bin/ssh/sshconnect.c
@@ -8,7 +8,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.51 2000/01/16 23:03:10 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.52 2000/01/16 23:53:02 markus Exp $");
#include <ssl/bn.h>
#include "xmalloc.h"
@@ -1406,6 +1406,10 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
rsa_public_encrypt(key, key, public_key);
}
+ /* Destroy the public keys since we no longer need them. */
+ RSA_free(public_key);
+ RSA_free(host_key);
+
if (options.cipher == SSH_CIPHER_NOT_SET) {
if (cipher_mask() & supported_ciphers & (1 << ssh_cipher_default))
options.cipher = ssh_cipher_default;
@@ -1431,8 +1435,9 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
for (i = 0; i < 8; i++)
packet_put_char(cookie[i]);
- /* Send the encrypted encryption key. */
+ /* Send and destroy the encrypted encryption key integer. */
packet_put_bignum(key);
+ BN_clear_free(key);
/* Send protocol flags. */
packet_put_int(client_flags);
@@ -1441,11 +1446,6 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
packet_send();
packet_write_wait();
- /* Destroy the session key integer and the public keys since we no longer need them. */
- BN_clear_free(key);
- RSA_free(public_key);
- RSA_free(host_key);
-
debug("Sent encrypted session key.");
/* Set the encryption key. */