SHA_Init(&s);
SHA_Bytes(&s, p, len);
SHA_Final(&s, output);
+ smemclr(&s, sizeof(s));
}
/*
return s;
}
-static void sha1_bytes(void *handle, void *p, int len)
+static void *sha1_copy(const void *vold)
+{
+ const SHA_State *old = (const SHA_State *)vold;
+ SHA_State *s;
+
+ s = snew(SHA_State);
+ *s = *old;
+ return s;
+}
+
+static void sha1_free(void *handle)
+{
+ SHA_State *s = handle;
+
+ smemclr(s, sizeof(*s));
+ sfree(s);
+}
+
+static void sha1_bytes(void *handle, const void *p, int len)
{
SHA_State *s = handle;
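Review bot: sha1_copy and sha1_free are added without any comment on ownership, which matters because `*s = *old` duplicates the whole intermediate hash state into a second heap object. Each such copy is only wiped if it is released through sha1_free, or through sha1_final, which the later change in this patch routes through sha1_free. I would add `/* Returns a new heap copy of the hash state; release it with sha1_free() or sha1_final() so it is wiped. */` above sha1_copy and `/* Wipes the state before freeing it. */` above sha1_free. The body of sha1_bytes continues outside this hunk.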
SHA_State *s = handle;
SHA_Final(s, output);
- sfree(s);
+ sha1_free(s);
}
const struct ssh_hash ssh_sha1 = {
- sha1_init, sha1_bytes, sha1_final, 20, "SHA-1"
+ sha1_init, sha1_copy, sha1_bytes, sha1_final, sha1_free, 20, "SHA-1"
};
/* ----------------------------------------------------------------------
* HMAC wrapper on it.
*/
-static void *sha1_make_context(void)
+static void *sha1_make_context(void *cipher_ctx)
{
return snewn(3, SHA_State);
}
static void sha1_free_context(void *handle)
{
+ smemclr(handle, 3 * sizeof(SHA_State));
sfree(handle);
}
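Review bot: In sha1_free_context the wipe length `3 * sizeof(SHA_State)` repeats by hand the count from `snewn(3, SHA_State)` in sha1_make_context. A later change to one without the other would leave part of the HMAC state unwiped or clear past the allocation. A shared constant would tie the two together, for example `enum { HMAC_SHA1_NSTATES = 3 };` used as `snewn(HMAC_SHA1_NSTATES, SHA_State)` and `smemclr(handle, HMAC_SHA1_NSTATES * sizeof(SHA_State));`. Separately, the new `cipher_ctx` parameter is unused in the visible body; if that is intentional for this MAC, a one-line comment saying so would save the next reader a search.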
sha1_generate, sha1_verify,
hmacsha1_start, hmacsha1_bytes, hmacsha1_genresult, hmacsha1_verresult,
"hmac-sha1", "hmac-sha1-etm@openssh.com",
- 20,
+ 20, 20,
"HMAC-SHA1"
};
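Review bot: The new second integer in this positional initializer (`20, 20,`) sits next to an existing bare integer with nothing to say which field is which. The same applies to the three following tables (`12, 20,`, `20, 16,`, `12, 16,`). The values suggest a MAC output length followed by a key length, with the "bug-compatible" entries using 16, but the struct declaration is outside this page, so that should be confirmed. Swapping the two numbers would still compile and would silently change the truncation or key size, so I would annotate each entry, e.g. `20, 20, /* MAC length, key length (bytes) — confirm against struct */`, or use designated initializers if the project's C dialect allows them. The initializer's opening line is outside this hunk.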
hmacsha1_start, hmacsha1_bytes,
hmacsha1_96_genresult, hmacsha1_96_verresult,
"hmac-sha1-96", "hmac-sha1-96-etm@openssh.com",
- 12,
+ 12, 20,
"HMAC-SHA1-96"
};
sha1_generate, sha1_verify,
hmacsha1_start, hmacsha1_bytes, hmacsha1_genresult, hmacsha1_verresult,
"hmac-sha1", NULL,
- 20,
+ 20, 16,
"bug-compatible HMAC-SHA1"
};
hmacsha1_start, hmacsha1_bytes,
hmacsha1_96_genresult, hmacsha1_96_verresult,
"hmac-sha1-96", NULL,
- 12,
+ 12, 16,
"bug-compatible HMAC-SHA1-96"
};