===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/Attic/auth-rsa.c,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- src/usr.bin/ssh/Attic/auth-rsa.c	2000/01/18 09:41:05	1.17
+++ src/usr.bin/ssh/Attic/auth-rsa.c	2000/02/11 10:59:11	1.18
@@ -16,7 +16,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: auth-rsa.c,v 1.17 2000/01/18 09:41:05 markus Exp $");
+RCSID("$Id: auth-rsa.c,v 1.18 2000/02/11 10:59:11 markus Exp $");
 
 #include "rsa.h"
 #include "packet.h"
@@ -62,9 +62,9 @@
 int
 auth_rsa_challenge_dialog(BIGNUM *e, BIGNUM *n)
 {
-	BIGNUM *challenge, *encrypted_challenge, *aux;
+	BIGNUM *challenge, *encrypted_challenge;
 	RSA *pk;
-	BN_CTX *ctx = BN_CTX_new();
+	BN_CTX *ctx;
 	unsigned char buf[32], mdbuf[16], response[16];
 	MD5_CTX md;
 	unsigned int i;
@@ -72,11 +72,12 @@
 
 	encrypted_challenge = BN_new();
 	challenge = BN_new();
-	aux = BN_new();
 
 	/* Generate a random challenge. */
 	BN_rand(challenge, 256, 0, 0);
+	ctx = BN_CTX_new();
 	BN_mod(challenge, challenge, n, ctx);
+	BN_CTX_free(ctx);
 
 	/* Create the public key data structure. */
 	pk = RSA_new();
@@ -93,8 +94,15 @@
 	packet_start(SSH_SMSG_AUTH_RSA_CHALLENGE);
 	packet_put_bignum(encrypted_challenge);
 	packet_send();
+	BN_clear_free(encrypted_challenge);
 	packet_write_wait();
 
+	/* Wait for a response. */
+	packet_read_expect(&plen, SSH_CMSG_AUTH_RSA_RESPONSE);
+	packet_integrity_check(plen, 16, SSH_CMSG_AUTH_RSA_RESPONSE);
+	for (i = 0; i < 16; i++)
+		response[i] = packet_get_char();
+
 	/* The response is MD5 of decrypted challenge plus session id. */
 	len = BN_num_bytes(challenge);
 	if (len <= 0 || len > 32)
@@ -105,18 +113,7 @@
 	MD5_Update(&md, buf, 32);
 	MD5_Update(&md, session_id, 16);
 	MD5_Final(mdbuf, &md);
-
-	/* We will no longer need these. */
-	BN_clear_free(encrypted_challenge);
 	BN_clear_free(challenge);
-	BN_clear_free(aux);
-	BN_CTX_free(ctx);
-
-	/* Wait for a response. */
-	packet_read_expect(&plen, SSH_CMSG_AUTH_RSA_RESPONSE);
-	packet_integrity_check(plen, 16, SSH_CMSG_AUTH_RSA_RESPONSE);
-	for (i = 0; i < 16; i++)
-		response[i] = packet_get_char();
 
 	/* Verify that the response is the original challenge. */
 	if (memcmp(response, mdbuf, 16) != 0) {