keyfiles.c and wrapper.c: Remove useless secure memory flag (for libgcrypt)

dh.c: Initialize libgcrypt only if not done before
client.c: Remove cleanup of cryptograhpic library. This needs to be put
somewhere, like in a crypto_finish function or something.



git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/libssh/trunk@70 7dcaeef0-15fb-0310-b436-a5af3365683c

libssh/client.c

@@ -20,13 +20,11 @@ the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 MA 02111-1307, USA. */
 
 #include <stdio.h>
-#include <unistd.h>
 #include <stdlib.h>
 #include <string.h>
 #include <netdb.h>
 #include "libssh/priv.h"
 #include "libssh/ssh2.h"
-extern int connections;
 
 #define set_status(opt,status) do {\
         if (opt->connect_status_function) \
@@ -316,12 +314,6 @@ void ssh_disconnect(SSH_SESSION *session){
     }
     session->alive=0;
     ssh_cleanup(session);
-    if (!--connections)
-#ifdef HAVE_LIBGCRYPT
-      gcry_control(GCRYCTL_TERM_SECMEM);
-#elif defined HAVE_LIBCRYPTO
-      EVP_cleanup();
-#endif
 }
 
 const char *ssh_copyright(){

libssh/crypt.c

@@ -78,7 +78,7 @@ unsigned char * packet_encrypt(SSH_SESSION *session,void *data,u32 len){
 #endif
     out=malloc(len);
     if(session->version==2){
-        ctx=hmac_init(session->current_crypto->encryptMAC,20,HMAC_SHA1);	
+        ctx=hmac_init(session->current_crypto->encryptMAC,20,HMAC_SHA1);
         hmac_update(ctx,(unsigned char *)&seq,sizeof(u32));
         hmac_update(ctx,data,len);
         hmac_final(ctx,session->current_crypto->hmacbuf,&finallen);

libssh/dh.c

@@ -37,9 +37,9 @@ MA 02111-1307, USA. */
 
 #include <stdio.h>
 #include <stdlib.h>
-#include <unistd.h>
-#include <fcntl.h>
 #include <netdb.h>
+#include <string.h>
+#include "libssh/crypto.h"    
 #include "libssh/priv.h"
 
 #ifdef HAVE_LIBCRYPTO
@@ -47,8 +47,7 @@ MA 02111-1307, USA. */
 #include <openssl/evp.h>
 #include <openssl/err.h>
 #endif
-#include <string.h>
-#include "libssh/crypto.h"    
+
 static unsigned char p_value[] = {
         0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
         0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
@@ -67,8 +66,6 @@ static unsigned long g_int = 2 ;	/* G is defined as 2 by the ssh2 standards */
 static bignum g;
 static bignum p;
 
-int connections = 0;
-
 /* maybe it might be enhanced .... */
 /* XXX Do it. */		
 int ssh_get_random(void *where, int len, int strong){
@@ -93,6 +90,11 @@ void ssh_crypto_init(){
     if(!init){
 #ifdef HAVE_LIBGCRYPT
         gcry_check_version(NULL);
+	if (!gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P,0))
+	{
+	  gcry_control(GCRYCTL_INIT_SECMEM, 4096);
+	  gcry_control(GCRYCTL_INITIALIZATION_FINISHED,0);
+	}
 #endif
         g=bignum_new();
         bignum_set_word(g,g_int);
@@ -101,16 +103,9 @@ void ssh_crypto_init(){
 #elif defined HAVE_LIBCRYPTO
         p=bignum_new();
         bignum_bin2bn(p_value,P_LEN,p);
-#endif
-        init++;
-    }
-    if (!connections++){
-#ifdef HAVE_LIBGCRYPT
-        gcry_control(GCRYCTL_INIT_SECMEM,524288,0);
-        gcry_control(GCRYCTL_INITIALIZATION_FINISHED,0);
-#elif defined HAVE_LIBCRYPTO
         OpenSSL_add_all_algorithms();
 #endif
+        init++;
     }
 }
 

libssh/keyfiles.c

@@ -208,7 +208,7 @@ int privatekey_decrypt(int algo, int mode, unsigned int key_len,
   if (passphrase_len <= 0)
     return 0;
   passphrase_to_key(passphrase, passphrase_len, iv, key, key_len);
-  if (gcry_cipher_open(&cipher, algo, mode, GCRY_CIPHER_SECURE)
+  if (gcry_cipher_open(&cipher, algo, mode, 0)
       || gcry_cipher_setkey(cipher, key, key_len)
       || gcry_cipher_setiv(cipher, iv, iv_len)
       || !(tmp = malloc(buffer_get_len(data) * sizeof (char)))

libssh/wrapper.c

@@ -35,7 +35,7 @@ MA 02111-1307, USA. */
 
 SHACTX sha1_init(){
     SHACTX ret;
-    gcry_md_open(&ret,GCRY_MD_SHA1,GCRY_MD_FLAG_SECURE);
+    gcry_md_open(&ret,GCRY_MD_SHA1,0);
     return ret;
 }
 void sha1_update(SHACTX c, const void *data, unsigned long len){
@@ -52,7 +52,7 @@ void sha1(unsigned char *digest,int len,unsigned char *hash){
 
 MD5CTX md5_init(){
     MD5CTX ret;
-    gcry_md_open(&ret,GCRY_MD_MD5,GCRY_MD_FLAG_SECURE);
+    gcry_md_open(&ret,GCRY_MD_MD5,0);
     return ret;
 }
 void md5_update(MD5CTX c, const void *data, unsigned long len){
@@ -68,10 +68,10 @@ HMACCTX hmac_init(const void *key, int len,int type){
     HMACCTX c;
     switch(type){
         case HMAC_SHA1:
-            gcry_md_open(&c,GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC | GCRY_MD_FLAG_SECURE);
+            gcry_md_open(&c,GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
             break;
         case HMAC_MD5:
-            gcry_md_open(&c,GCRY_MD_MD5, GCRY_MD_FLAG_HMAC | GCRY_MD_FLAG_SECURE);
+            gcry_md_open(&c,GCRY_MD_MD5, GCRY_MD_FLAG_HMAC);
             break;
         default:
             c=NULL;
@@ -97,7 +97,7 @@ static void alloc_key(struct crypto_struct *cipher){
 static void blowfish_set_key(struct crypto_struct *cipher, void *key, void *IV){
     if(!cipher->key){
         alloc_key(cipher);
-        gcry_cipher_open(&cipher->key[0],GCRY_CIPHER_BLOWFISH,GCRY_CIPHER_MODE_CBC,GCRY_CIPHER_SECURE);
+        gcry_cipher_open(&cipher->key[0],GCRY_CIPHER_BLOWFISH,GCRY_CIPHER_MODE_CBC,0);
         gcry_cipher_setkey(cipher->key[0],key,16);
         gcry_cipher_setiv(cipher->key[0],IV,8);
     }
@@ -116,13 +116,13 @@ static void aes_set_key(struct crypto_struct *cipher, void *key, void *IV){
         alloc_key(cipher);
         switch(cipher->keysize){
           case 128:
-            gcry_cipher_open(&cipher->key[0],GCRY_CIPHER_AES128,GCRY_CIPHER_MODE_CBC,GCRY_CIPHER_SECURE);
+            gcry_cipher_open(&cipher->key[0],GCRY_CIPHER_AES128,GCRY_CIPHER_MODE_CBC,0);
             break;
           case 192:
-            gcry_cipher_open(&cipher->key[0],GCRY_CIPHER_AES192,GCRY_CIPHER_MODE_CBC,GCRY_CIPHER_SECURE);
+            gcry_cipher_open(&cipher->key[0],GCRY_CIPHER_AES192,GCRY_CIPHER_MODE_CBC,0);
             break;
           case 256:
-            gcry_cipher_open(&cipher->key[0],GCRY_CIPHER_AES256,GCRY_CIPHER_MODE_CBC,GCRY_CIPHER_SECURE);
+            gcry_cipher_open(&cipher->key[0],GCRY_CIPHER_AES256,GCRY_CIPHER_MODE_CBC,0);
             break;
         }
         gcry_cipher_setkey(cipher->key[0],key,cipher->keysize/8);
@@ -141,7 +141,7 @@ static void aes_decrypt(struct crypto_struct *cipher, void *in, void *out,unsign
 static void des3_set_key(struct crypto_struct *cipher, void *key, void *IV){
     if(!cipher->key){
         alloc_key(cipher);
-        gcry_cipher_open(&cipher->key[0],GCRY_CIPHER_3DES,GCRY_CIPHER_MODE_CBC,GCRY_CIPHER_SECURE);
+        gcry_cipher_open(&cipher->key[0],GCRY_CIPHER_3DES,GCRY_CIPHER_MODE_CBC,0);
         gcry_cipher_setkey(cipher->key[0],key,24);
         gcry_cipher_setiv(cipher->key[0],IV,8);
     }
@@ -160,13 +160,13 @@ static void des3_decrypt(struct crypto_struct *cipher, void *in, void *out,
 static void des3_1_set_key(struct crypto_struct *cipher, void *key, void *IV){
     if(!cipher->key){
         alloc_key(cipher);
-        gcry_cipher_open(&cipher->key[0],GCRY_CIPHER_DES,GCRY_CIPHER_MODE_CBC,GCRY_CIPHER_SECURE);
+        gcry_cipher_open(&cipher->key[0],GCRY_CIPHER_DES,GCRY_CIPHER_MODE_CBC,0);
         gcry_cipher_setkey(cipher->key[0],key,8);
         gcry_cipher_setiv(cipher->key[0],IV,8);
-        gcry_cipher_open(&cipher->key[1],GCRY_CIPHER_DES,GCRY_CIPHER_MODE_CBC,GCRY_CIPHER_SECURE);
+        gcry_cipher_open(&cipher->key[1],GCRY_CIPHER_DES,GCRY_CIPHER_MODE_CBC,0);
         gcry_cipher_setkey(cipher->key[1],key+8,8);
         gcry_cipher_setiv(cipher->key[1],IV+8,8);
-        gcry_cipher_open(&cipher->key[2],GCRY_CIPHER_DES,GCRY_CIPHER_MODE_CBC,GCRY_CIPHER_SECURE);
+        gcry_cipher_open(&cipher->key[2],GCRY_CIPHER_DES,GCRY_CIPHER_MODE_CBC,0);
         gcry_cipher_setkey(cipher->key[2],key+16,8);
         gcry_cipher_setiv(cipher->key[2],IV+16,8);
     }