- markus@cvs.openbsd.org 2001/03/27 10:34:08

[ssh-rsa.c sshd.c] use EVP_get_digestbynid, reorder some calls and fix missing free.
author: Ben Lindstrom <mouring@eviladmin.org> 2001-03-29 00:31:20 +0000
committer: Ben Lindstrom <mouring@eviladmin.org> 2001-03-29 00:31:20 +0000
commit: 425fb02f20671c332af7b718d1c0e797ad0699eb (patch)
tree: 66a4ac12032a214bcff2d979e97f6915917e08f3
parent: d09fcf5f6e6905ee2f04b81b6ad97e6d244f5c2a (diff)
3 files changed, 28 insertions, 14 deletions
diff --git a/ChangeLog b/ChangeLog
index bf670de5a..5954eeaa5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,9 @@
   - markus@cvs.openbsd.org 2001/03/26 23:23:24
     [rsa.c rsa.h ssh-agent.c ssh-keygen.c]
     try to read private f-secure ssh v2 rsa keys.
+   - markus@cvs.openbsd.org 2001/03/27 10:34:08
+     [ssh-rsa.c sshd.c]
+     use EVP_get_digestbynid, reorder some calls and fix missing free.
 20010328
 - (djm) Reorder tests and library inclusion for Krb4/AFS to try to 
@@ -4747,4 +4750,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
-$Id: ChangeLog,v 1.1028 2001/03/29 00:29:54 mouring Exp $
+$Id: ChangeLog,v 1.1029 2001/03/29 00:31:20 mouring Exp $
diff --git a/ssh-rsa.c b/ssh-rsa.c
index 9de0e7b08..a2153bd1a 100644
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-rsa.c,v 1.6 2001/02/08 19:30:52 itojun Exp $");
+RCSID("$OpenBSD: ssh-rsa.c,v 1.7 2001/03/27 10:34:08 markus Exp $");
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -42,27 +42,32 @@ ssh_rsa_sign(
    u_char **sigp, int *lenp,
    u_char *data, int datalen)
 {
-        EVP_MD *evp_md = EVP_sha1();
+        const EVP_MD *evp_md;
        EVP_MD_CTX md;
        u_char *digest, *sig, *ret;
        u_int slen, dlen, len;
-        int ok;
+        int ok, nid;
        Buffer b;
        if (key == NULL || key->type != KEY_RSA || key->rsa == NULL) {
                error("ssh_rsa_sign: no RSA key");
                return -1;
        }
-        slen = RSA_size(key->rsa);
+        nid = NID_sha1;
-        sig = xmalloc(slen);
+        if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
+                error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid);
+                return -1;
+        }
        dlen = evp_md->md_size;
        digest = xmalloc(dlen);
        EVP_DigestInit(&md, evp_md);
        EVP_DigestUpdate(&md, data, datalen);
        EVP_DigestFinal(&md, digest, NULL);
-        ok = RSA_sign(NID_sha1, digest, dlen, sig, &len, key->rsa);
+        slen = RSA_size(key->rsa);
+        sig = xmalloc(slen);
+        ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa);
        memset(digest, 'd', dlen);
        xfree(digest);
@@ -108,13 +113,12 @@ ssh_rsa_verify(
    u_char *data, int datalen)
 {
        Buffer b;
-        EVP_MD *evp_md = EVP_sha1();
+        const EVP_MD *evp_md;
        EVP_MD_CTX md;
        char *ktype;
        u_char *sigblob, *digest;
        u_int len, dlen;
-        int rlen;
+        int rlen, ret, nid;
-        int ret;
        if (key == NULL || key->type != KEY_RSA || key->rsa == NULL) {
                error("ssh_rsa_verify: no RSA key");
@@ -139,17 +143,23 @@ ssh_rsa_verify(
        rlen = buffer_len(&b);
        buffer_free(&b);
        if(rlen != 0) {
+                xfree(sigblob);
                error("ssh_rsa_verify: remaining bytes in signature %d", rlen);
                return -1;
        }
+        nid = NID_sha1;
+        if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
+                xfree(sigblob);
+                error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid);
+                return -1;
+        }
        dlen = evp_md->md_size;
        digest = xmalloc(dlen);
        EVP_DigestInit(&md, evp_md);
        EVP_DigestUpdate(&md, data, datalen);
        EVP_DigestFinal(&md, digest, NULL);
-        ret = RSA_verify(NID_sha1, digest, dlen, sigblob, len, key->rsa);
+        ret = RSA_verify(nid, digest, dlen, sigblob, len, key->rsa);
        memset(digest, 'd', dlen);
        xfree(digest);
        memset(sigblob, 's', len);
diff --git a/sshd.c b/sshd.c
index 67bef9f43..961aeeaa0 100644
--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.179 2001/03/26 08:07:09 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.180 2001/03/27 10:34:08 markus Exp $");
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -648,6 +648,7 @@ main(int ac, char **av)
                        exit(1);
                }
        }
+        SSLeay_add_all_algorithms();
        /*
         * Force logging to stderr until we have loaded the private host
author	Ben Lindstrom <mouring@eviladmin.org>	2001-03-29 00:31:20 +0000
committer	Ben Lindstrom <mouring@eviladmin.org>	2001-03-29 00:31:20 +0000
commit	425fb02f20671c332af7b718d1c0e797ad0699eb (patch)
tree	66a4ac12032a214bcff2d979e97f6915917e08f3
parent	d09fcf5f6e6905ee2f04b81b6ad97e6d244f5c2a (diff)

diff --git a/ChangeLog b/ChangeLog index bf670de5a..5954eeaa5 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -9,6 +9,9 @@
9	- markus@cvs.openbsd.org 2001/03/26 23:23:24	9	- markus@cvs.openbsd.org 2001/03/26 23:23:24
10	[rsa.c rsa.h ssh-agent.c ssh-keygen.c]	10	[rsa.c rsa.h ssh-agent.c ssh-keygen.c]
11	try to read private f-secure ssh v2 rsa keys.	11	try to read private f-secure ssh v2 rsa keys.
		12	- markus@cvs.openbsd.org 2001/03/27 10:34:08
		13	[ssh-rsa.c sshd.c]
		14	use EVP_get_digestbynid, reorder some calls and fix missing free.
12		15
13	20010328	16	20010328
14	- (djm) Reorder tests and library inclusion for Krb4/AFS to try to	17	- (djm) Reorder tests and library inclusion for Krb4/AFS to try to
@@ -4747,4 +4750,4 @@
4747	- Wrote replacements for strlcpy and mkdtemp	4750	- Wrote replacements for strlcpy and mkdtemp
4748	- Released 1.0pre1	4751	- Released 1.0pre1
4749		4752
4750	$Id: ChangeLog,v 1.1028 2001/03/29 00:29:54 mouring Exp $	4753	$Id: ChangeLog,v 1.1029 2001/03/29 00:31:20 mouring Exp $


diff --git a/ssh-rsa.c b/ssh-rsa.c index 9de0e7b08..a2153bd1a 100644 --- a/ssh-rsa.c +++ b/ssh-rsa.c
@@ -23,7 +23,7 @@
23	*/	23	*/
24		24
25	#include "includes.h"	25	#include "includes.h"
26	RCSID("$OpenBSD: ssh-rsa.c,v 1.6 2001/02/08 19:30:52 itojun Exp $");	26	RCSID("$OpenBSD: ssh-rsa.c,v 1.7 2001/03/27 10:34:08 markus Exp $");
27		27
28	#include <openssl/evp.h>	28	#include <openssl/evp.h>
29	#include <openssl/err.h>	29	#include <openssl/err.h>
@@ -42,27 +42,32 @@ ssh_rsa_sign(
42	u_char *sigp, int lenp,	42	u_char *sigp, int lenp,
43	u_char *data, int datalen)	43	u_char *data, int datalen)
44	{	44	{
45	EVP_MD *evp_md = EVP_sha1();	45	const EVP_MD *evp_md;
46	EVP_MD_CTX md;	46	EVP_MD_CTX md;
47	u_char digest, sig, *ret;	47	u_char digest, sig, *ret;
48	u_int slen, dlen, len;	48	u_int slen, dlen, len;
49	int ok;	49	int ok, nid;
50	Buffer b;	50	Buffer b;
51		51
52	if (key == NULL \|\| key->type != KEY_RSA \|\| key->rsa == NULL) {	52	if (key == NULL \|\| key->type != KEY_RSA \|\| key->rsa == NULL) {
53	error("ssh_rsa_sign: no RSA key");	53	error("ssh_rsa_sign: no RSA key");
54	return -1;	54	return -1;
55	}	55	}
56	slen = RSA_size(key->rsa);	56	nid = NID_sha1;
57	sig = xmalloc(slen);	57	if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
58		58	error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid);
		59	return -1;
		60	}
59	dlen = evp_md->md_size;	61	dlen = evp_md->md_size;
60	digest = xmalloc(dlen);	62	digest = xmalloc(dlen);
61	EVP_DigestInit(&md, evp_md);	63	EVP_DigestInit(&md, evp_md);
62	EVP_DigestUpdate(&md, data, datalen);	64	EVP_DigestUpdate(&md, data, datalen);
63	EVP_DigestFinal(&md, digest, NULL);	65	EVP_DigestFinal(&md, digest, NULL);
64		66
65	ok = RSA_sign(NID_sha1, digest, dlen, sig, &len, key->rsa);	67	slen = RSA_size(key->rsa);
		68	sig = xmalloc(slen);
		69
		70	ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa);
66	memset(digest, 'd', dlen);	71	memset(digest, 'd', dlen);
67	xfree(digest);	72	xfree(digest);
68		73
@@ -108,13 +113,12 @@ ssh_rsa_verify(
108	u_char *data, int datalen)	113	u_char *data, int datalen)
109	{	114	{
110	Buffer b;	115	Buffer b;
111	EVP_MD *evp_md = EVP_sha1();	116	const EVP_MD *evp_md;
112	EVP_MD_CTX md;	117	EVP_MD_CTX md;
113	char *ktype;	118	char *ktype;
114	u_char sigblob, digest;	119	u_char sigblob, digest;
115	u_int len, dlen;	120	u_int len, dlen;
116	int rlen;	121	int rlen, ret, nid;
117	int ret;
118		122
119	if (key == NULL \|\| key->type != KEY_RSA \|\| key->rsa == NULL) {	123	if (key == NULL \|\| key->type != KEY_RSA \|\| key->rsa == NULL) {
120	error("ssh_rsa_verify: no RSA key");	124	error("ssh_rsa_verify: no RSA key");
@@ -139,17 +143,23 @@ ssh_rsa_verify(
139	rlen = buffer_len(&b);	143	rlen = buffer_len(&b);
140	buffer_free(&b);	144	buffer_free(&b);
141	if(rlen != 0) {	145	if(rlen != 0) {
		146	xfree(sigblob);
142	error("ssh_rsa_verify: remaining bytes in signature %d", rlen);	147	error("ssh_rsa_verify: remaining bytes in signature %d", rlen);
143	return -1;	148	return -1;
144	}	149	}
145		150	nid = NID_sha1;
		151	if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
		152	xfree(sigblob);
		153	error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid);
		154	return -1;
		155	}
146	dlen = evp_md->md_size;	156	dlen = evp_md->md_size;
147	digest = xmalloc(dlen);	157	digest = xmalloc(dlen);
148	EVP_DigestInit(&md, evp_md);	158	EVP_DigestInit(&md, evp_md);
149	EVP_DigestUpdate(&md, data, datalen);	159	EVP_DigestUpdate(&md, data, datalen);
150	EVP_DigestFinal(&md, digest, NULL);	160	EVP_DigestFinal(&md, digest, NULL);
151		161
152	ret = RSA_verify(NID_sha1, digest, dlen, sigblob, len, key->rsa);	162	ret = RSA_verify(nid, digest, dlen, sigblob, len, key->rsa);
153	memset(digest, 'd', dlen);	163	memset(digest, 'd', dlen);
154	xfree(digest);	164	xfree(digest);
155	memset(sigblob, 's', len);	165	memset(sigblob, 's', len);


diff --git a/sshd.c b/sshd.c index 67bef9f43..961aeeaa0 100644 --- a/sshd.c +++ b/sshd.c
@@ -40,7 +40,7 @@
40	*/	40	*/
41		41
42	#include "includes.h"	42	#include "includes.h"
43	RCSID("$OpenBSD: sshd.c,v 1.179 2001/03/26 08:07:09 markus Exp $");	43	RCSID("$OpenBSD: sshd.c,v 1.180 2001/03/27 10:34:08 markus Exp $");
44		44
45	#include <openssl/dh.h>	45	#include <openssl/dh.h>
46	#include <openssl/bn.h>	46	#include <openssl/bn.h>
@@ -648,6 +648,7 @@ main(int ac, char **av)
648	exit(1);	648	exit(1);
649	}	649	}
650	}	650	}
		651	SSLeay_add_all_algorithms();
651		652
652	/*	653	/*
653	* Force logging to stderr until we have loaded the private host	654	* Force logging to stderr until we have loaded the private host