diff options
author | Damien Miller <djm@mindrot.org> | 2002-02-05 11:53:43 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2002-02-05 11:53:43 +1100 |
commit | c516e928cdaf2ea3dd666a79d4c89a942b242d68 (patch) | |
tree | b34d1e8c6610fc9768f546a1557df1efe3a14a68 | |
parent | 3a8262ffcc04afca626d457da65fc1076681073c (diff) |
- markus@cvs.openbsd.org 2002/01/25 21:42:11
[ssh-dss.c ssh-rsa.c]
use static EVP_MAX_MD_SIZE buffers for EVP_DigestFinal; ok stevesk@
don't use evp_md->md_size, it's not public.
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | ssh-dss.c | 20 | ||||
-rw-r--r-- | ssh-rsa.c | 20 |
3 files changed, 19 insertions, 27 deletions
@@ -10,6 +10,10 @@ | |||
10 | - markus@cvs.openbsd.org 2002/01/25 21:00:24 | 10 | - markus@cvs.openbsd.org 2002/01/25 21:00:24 |
11 | [sshconnect2.c] | 11 | [sshconnect2.c] |
12 | unused include | 12 | unused include |
13 | - markus@cvs.openbsd.org 2002/01/25 21:42:11 | ||
14 | [ssh-dss.c ssh-rsa.c] | ||
15 | use static EVP_MAX_MD_SIZE buffers for EVP_DigestFinal; ok stevesk@ | ||
16 | don't use evp_md->md_size, it's not public. | ||
13 | 17 | ||
14 | 20020130 | 18 | 20020130 |
15 | - (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@ | 19 | - (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@ |
@@ -7412,4 +7416,4 @@ | |||
7412 | - Wrote replacements for strlcpy and mkdtemp | 7416 | - Wrote replacements for strlcpy and mkdtemp |
7413 | - Released 1.0pre1 | 7417 | - Released 1.0pre1 |
7414 | 7418 | ||
7415 | $Id: ChangeLog,v 1.1801 2002/02/05 00:53:15 djm Exp $ | 7419 | $Id: ChangeLog,v 1.1802 2002/02/05 00:53:43 djm Exp $ |
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: ssh-dss.c,v 1.11 2001/12/27 18:22:16 markus Exp $"); | 26 | RCSID("$OpenBSD: ssh-dss.c,v 1.12 2002/01/25 21:42:11 markus Exp $"); |
27 | 27 | ||
28 | #include <openssl/bn.h> | 28 | #include <openssl/bn.h> |
29 | #include <openssl/evp.h> | 29 | #include <openssl/evp.h> |
@@ -48,7 +48,7 @@ ssh_dss_sign( | |||
48 | DSA_SIG *sig; | 48 | DSA_SIG *sig; |
49 | EVP_MD *evp_md = EVP_sha1(); | 49 | EVP_MD *evp_md = EVP_sha1(); |
50 | EVP_MD_CTX md; | 50 | EVP_MD_CTX md; |
51 | u_char *digest, *ret, sigblob[SIGBLOB_LEN]; | 51 | u_char *ret, digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN]; |
52 | u_int rlen, slen, len, dlen; | 52 | u_int rlen, slen, len, dlen; |
53 | Buffer b; | 53 | Buffer b; |
54 | 54 | ||
@@ -56,16 +56,13 @@ ssh_dss_sign( | |||
56 | error("ssh_dss_sign: no DSA key"); | 56 | error("ssh_dss_sign: no DSA key"); |
57 | return -1; | 57 | return -1; |
58 | } | 58 | } |
59 | dlen = evp_md->md_size; | ||
60 | digest = xmalloc(dlen); | ||
61 | EVP_DigestInit(&md, evp_md); | 59 | EVP_DigestInit(&md, evp_md); |
62 | EVP_DigestUpdate(&md, data, datalen); | 60 | EVP_DigestUpdate(&md, data, datalen); |
63 | EVP_DigestFinal(&md, digest, NULL); | 61 | EVP_DigestFinal(&md, digest, &dlen); |
64 | 62 | ||
65 | sig = DSA_do_sign(digest, dlen, key->dsa); | 63 | sig = DSA_do_sign(digest, dlen, key->dsa); |
64 | memset(digest, 'd', sizeof(digest)); | ||
66 | 65 | ||
67 | memset(digest, 0, dlen); | ||
68 | xfree(digest); | ||
69 | if (sig == NULL) { | 66 | if (sig == NULL) { |
70 | error("ssh_dss_sign: sign failed"); | 67 | error("ssh_dss_sign: sign failed"); |
71 | return -1; | 68 | return -1; |
@@ -115,7 +112,7 @@ ssh_dss_verify( | |||
115 | DSA_SIG *sig; | 112 | DSA_SIG *sig; |
116 | EVP_MD *evp_md = EVP_sha1(); | 113 | EVP_MD *evp_md = EVP_sha1(); |
117 | EVP_MD_CTX md; | 114 | EVP_MD_CTX md; |
118 | u_char *digest, *sigblob; | 115 | u_char digest[EVP_MAX_MD_SIZE], *sigblob; |
119 | u_int len, dlen; | 116 | u_int len, dlen; |
120 | int rlen, ret; | 117 | int rlen, ret; |
121 | Buffer b; | 118 | Buffer b; |
@@ -173,16 +170,13 @@ ssh_dss_verify( | |||
173 | } | 170 | } |
174 | 171 | ||
175 | /* sha1 the data */ | 172 | /* sha1 the data */ |
176 | dlen = evp_md->md_size; | ||
177 | digest = xmalloc(dlen); | ||
178 | EVP_DigestInit(&md, evp_md); | 173 | EVP_DigestInit(&md, evp_md); |
179 | EVP_DigestUpdate(&md, data, datalen); | 174 | EVP_DigestUpdate(&md, data, datalen); |
180 | EVP_DigestFinal(&md, digest, NULL); | 175 | EVP_DigestFinal(&md, digest, &dlen); |
181 | 176 | ||
182 | ret = DSA_do_verify(digest, dlen, sig, key->dsa); | 177 | ret = DSA_do_verify(digest, dlen, sig, key->dsa); |
178 | memset(digest, 'd', sizeof(digest)); | ||
183 | 179 | ||
184 | memset(digest, 0, dlen); | ||
185 | xfree(digest); | ||
186 | DSA_SIG_free(sig); | 180 | DSA_SIG_free(sig); |
187 | 181 | ||
188 | debug("ssh_dss_verify: signature %s", | 182 | debug("ssh_dss_verify: signature %s", |
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: ssh-rsa.c,v 1.14 2001/12/05 10:06:12 deraadt Exp $"); | 26 | RCSID("$OpenBSD: ssh-rsa.c,v 1.15 2002/01/25 21:42:11 markus Exp $"); |
27 | 27 | ||
28 | #include <openssl/evp.h> | 28 | #include <openssl/evp.h> |
29 | #include <openssl/err.h> | 29 | #include <openssl/err.h> |
@@ -45,7 +45,7 @@ ssh_rsa_sign( | |||
45 | { | 45 | { |
46 | const EVP_MD *evp_md; | 46 | const EVP_MD *evp_md; |
47 | EVP_MD_CTX md; | 47 | EVP_MD_CTX md; |
48 | u_char *digest, *sig, *ret; | 48 | u_char digest[EVP_MAX_MD_SIZE], *sig, *ret; |
49 | u_int slen, dlen, len; | 49 | u_int slen, dlen, len; |
50 | int ok, nid; | 50 | int ok, nid; |
51 | Buffer b; | 51 | Buffer b; |
@@ -63,18 +63,15 @@ ssh_rsa_sign( | |||
63 | error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid); | 63 | error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid); |
64 | return -1; | 64 | return -1; |
65 | } | 65 | } |
66 | dlen = evp_md->md_size; | ||
67 | digest = xmalloc(dlen); | ||
68 | EVP_DigestInit(&md, evp_md); | 66 | EVP_DigestInit(&md, evp_md); |
69 | EVP_DigestUpdate(&md, data, datalen); | 67 | EVP_DigestUpdate(&md, data, datalen); |
70 | EVP_DigestFinal(&md, digest, NULL); | 68 | EVP_DigestFinal(&md, digest, &dlen); |
71 | 69 | ||
72 | slen = RSA_size(key->rsa); | 70 | slen = RSA_size(key->rsa); |
73 | sig = xmalloc(slen); | 71 | sig = xmalloc(slen); |
74 | 72 | ||
75 | ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa); | 73 | ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa); |
76 | memset(digest, 'd', dlen); | 74 | memset(digest, 'd', sizeof(digest)); |
77 | xfree(digest); | ||
78 | 75 | ||
79 | if (ok != 1) { | 76 | if (ok != 1) { |
80 | int ecode = ERR_get_error(); | 77 | int ecode = ERR_get_error(); |
@@ -120,7 +117,7 @@ ssh_rsa_verify( | |||
120 | const EVP_MD *evp_md; | 117 | const EVP_MD *evp_md; |
121 | EVP_MD_CTX md; | 118 | EVP_MD_CTX md; |
122 | char *ktype; | 119 | char *ktype; |
123 | u_char *sigblob, *digest; | 120 | u_char digest[EVP_MAX_MD_SIZE], *sigblob; |
124 | u_int len, dlen; | 121 | u_int len, dlen; |
125 | int rlen, ret, nid; | 122 | int rlen, ret, nid; |
126 | 123 | ||
@@ -161,15 +158,12 @@ ssh_rsa_verify( | |||
161 | xfree(sigblob); | 158 | xfree(sigblob); |
162 | return -1; | 159 | return -1; |
163 | } | 160 | } |
164 | dlen = evp_md->md_size; | ||
165 | digest = xmalloc(dlen); | ||
166 | EVP_DigestInit(&md, evp_md); | 161 | EVP_DigestInit(&md, evp_md); |
167 | EVP_DigestUpdate(&md, data, datalen); | 162 | EVP_DigestUpdate(&md, data, datalen); |
168 | EVP_DigestFinal(&md, digest, NULL); | 163 | EVP_DigestFinal(&md, digest, &dlen); |
169 | 164 | ||
170 | ret = RSA_verify(nid, digest, dlen, sigblob, len, key->rsa); | 165 | ret = RSA_verify(nid, digest, dlen, sigblob, len, key->rsa); |
171 | memset(digest, 'd', dlen); | 166 | memset(digest, 'd', sizeof(digest)); |
172 | xfree(digest); | ||
173 | memset(sigblob, 's', len); | 167 | memset(sigblob, 's', len); |
174 | xfree(sigblob); | 168 | xfree(sigblob); |
175 | if (ret == 0) { | 169 | if (ret == 0) { |