diff options
| author | Damien Miller <djm@mindrot.org> | 2002-02-05 11:53:43 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2002-02-05 11:53:43 +1100 |
| commit | c516e928cdaf2ea3dd666a79d4c89a942b242d68 (patch) | |
| tree | b34d1e8c6610fc9768f546a1557df1efe3a14a68 | |
| parent | 3a8262ffcc04afca626d457da65fc1076681073c (diff) | |
- markus@cvs.openbsd.org 2002/01/25 21:42:11
[ssh-dss.c ssh-rsa.c]
use static EVP_MAX_MD_SIZE buffers for EVP_DigestFinal; ok stevesk@
don't use evp_md->md_size, it's not public.
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | ssh-dss.c | 20 | ||||
| -rw-r--r-- | ssh-rsa.c | 20 |
3 files changed, 19 insertions, 27 deletions
| @@ -10,6 +10,10 @@ | |||
| 10 | - markus@cvs.openbsd.org 2002/01/25 21:00:24 | 10 | - markus@cvs.openbsd.org 2002/01/25 21:00:24 |
| 11 | [sshconnect2.c] | 11 | [sshconnect2.c] |
| 12 | unused include | 12 | unused include |
| 13 | - markus@cvs.openbsd.org 2002/01/25 21:42:11 | ||
| 14 | [ssh-dss.c ssh-rsa.c] | ||
| 15 | use static EVP_MAX_MD_SIZE buffers for EVP_DigestFinal; ok stevesk@ | ||
| 16 | don't use evp_md->md_size, it's not public. | ||
| 13 | 17 | ||
| 14 | 20020130 | 18 | 20020130 |
| 15 | - (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@ | 19 | - (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@ |
| @@ -7412,4 +7416,4 @@ | |||
| 7412 | - Wrote replacements for strlcpy and mkdtemp | 7416 | - Wrote replacements for strlcpy and mkdtemp |
| 7413 | - Released 1.0pre1 | 7417 | - Released 1.0pre1 |
| 7414 | 7418 | ||
| 7415 | $Id: ChangeLog,v 1.1801 2002/02/05 00:53:15 djm Exp $ | 7419 | $Id: ChangeLog,v 1.1802 2002/02/05 00:53:43 djm Exp $ |
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: ssh-dss.c,v 1.11 2001/12/27 18:22:16 markus Exp $"); | 26 | RCSID("$OpenBSD: ssh-dss.c,v 1.12 2002/01/25 21:42:11 markus Exp $"); |
| 27 | 27 | ||
| 28 | #include <openssl/bn.h> | 28 | #include <openssl/bn.h> |
| 29 | #include <openssl/evp.h> | 29 | #include <openssl/evp.h> |
| @@ -48,7 +48,7 @@ ssh_dss_sign( | |||
| 48 | DSA_SIG *sig; | 48 | DSA_SIG *sig; |
| 49 | EVP_MD *evp_md = EVP_sha1(); | 49 | EVP_MD *evp_md = EVP_sha1(); |
| 50 | EVP_MD_CTX md; | 50 | EVP_MD_CTX md; |
| 51 | u_char *digest, *ret, sigblob[SIGBLOB_LEN]; | 51 | u_char *ret, digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN]; |
| 52 | u_int rlen, slen, len, dlen; | 52 | u_int rlen, slen, len, dlen; |
| 53 | Buffer b; | 53 | Buffer b; |
| 54 | 54 | ||
| @@ -56,16 +56,13 @@ ssh_dss_sign( | |||
| 56 | error("ssh_dss_sign: no DSA key"); | 56 | error("ssh_dss_sign: no DSA key"); |
| 57 | return -1; | 57 | return -1; |
| 58 | } | 58 | } |
| 59 | dlen = evp_md->md_size; | ||
| 60 | digest = xmalloc(dlen); | ||
| 61 | EVP_DigestInit(&md, evp_md); | 59 | EVP_DigestInit(&md, evp_md); |
| 62 | EVP_DigestUpdate(&md, data, datalen); | 60 | EVP_DigestUpdate(&md, data, datalen); |
| 63 | EVP_DigestFinal(&md, digest, NULL); | 61 | EVP_DigestFinal(&md, digest, &dlen); |
| 64 | 62 | ||
| 65 | sig = DSA_do_sign(digest, dlen, key->dsa); | 63 | sig = DSA_do_sign(digest, dlen, key->dsa); |
| 64 | memset(digest, 'd', sizeof(digest)); | ||
| 66 | 65 | ||
| 67 | memset(digest, 0, dlen); | ||
| 68 | xfree(digest); | ||
| 69 | if (sig == NULL) { | 66 | if (sig == NULL) { |
| 70 | error("ssh_dss_sign: sign failed"); | 67 | error("ssh_dss_sign: sign failed"); |
| 71 | return -1; | 68 | return -1; |
| @@ -115,7 +112,7 @@ ssh_dss_verify( | |||
| 115 | DSA_SIG *sig; | 112 | DSA_SIG *sig; |
| 116 | EVP_MD *evp_md = EVP_sha1(); | 113 | EVP_MD *evp_md = EVP_sha1(); |
| 117 | EVP_MD_CTX md; | 114 | EVP_MD_CTX md; |
| 118 | u_char *digest, *sigblob; | 115 | u_char digest[EVP_MAX_MD_SIZE], *sigblob; |
| 119 | u_int len, dlen; | 116 | u_int len, dlen; |
| 120 | int rlen, ret; | 117 | int rlen, ret; |
| 121 | Buffer b; | 118 | Buffer b; |
| @@ -173,16 +170,13 @@ ssh_dss_verify( | |||
| 173 | } | 170 | } |
| 174 | 171 | ||
| 175 | /* sha1 the data */ | 172 | /* sha1 the data */ |
| 176 | dlen = evp_md->md_size; | ||
| 177 | digest = xmalloc(dlen); | ||
| 178 | EVP_DigestInit(&md, evp_md); | 173 | EVP_DigestInit(&md, evp_md); |
| 179 | EVP_DigestUpdate(&md, data, datalen); | 174 | EVP_DigestUpdate(&md, data, datalen); |
| 180 | EVP_DigestFinal(&md, digest, NULL); | 175 | EVP_DigestFinal(&md, digest, &dlen); |
| 181 | 176 | ||
| 182 | ret = DSA_do_verify(digest, dlen, sig, key->dsa); | 177 | ret = DSA_do_verify(digest, dlen, sig, key->dsa); |
| 178 | memset(digest, 'd', sizeof(digest)); | ||
| 183 | 179 | ||
| 184 | memset(digest, 0, dlen); | ||
| 185 | xfree(digest); | ||
| 186 | DSA_SIG_free(sig); | 180 | DSA_SIG_free(sig); |
| 187 | 181 | ||
| 188 | debug("ssh_dss_verify: signature %s", | 182 | debug("ssh_dss_verify: signature %s", |
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: ssh-rsa.c,v 1.14 2001/12/05 10:06:12 deraadt Exp $"); | 26 | RCSID("$OpenBSD: ssh-rsa.c,v 1.15 2002/01/25 21:42:11 markus Exp $"); |
| 27 | 27 | ||
| 28 | #include <openssl/evp.h> | 28 | #include <openssl/evp.h> |
| 29 | #include <openssl/err.h> | 29 | #include <openssl/err.h> |
| @@ -45,7 +45,7 @@ ssh_rsa_sign( | |||
| 45 | { | 45 | { |
| 46 | const EVP_MD *evp_md; | 46 | const EVP_MD *evp_md; |
| 47 | EVP_MD_CTX md; | 47 | EVP_MD_CTX md; |
| 48 | u_char *digest, *sig, *ret; | 48 | u_char digest[EVP_MAX_MD_SIZE], *sig, *ret; |
| 49 | u_int slen, dlen, len; | 49 | u_int slen, dlen, len; |
| 50 | int ok, nid; | 50 | int ok, nid; |
| 51 | Buffer b; | 51 | Buffer b; |
| @@ -63,18 +63,15 @@ ssh_rsa_sign( | |||
| 63 | error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid); | 63 | error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid); |
| 64 | return -1; | 64 | return -1; |
| 65 | } | 65 | } |
| 66 | dlen = evp_md->md_size; | ||
| 67 | digest = xmalloc(dlen); | ||
| 68 | EVP_DigestInit(&md, evp_md); | 66 | EVP_DigestInit(&md, evp_md); |
| 69 | EVP_DigestUpdate(&md, data, datalen); | 67 | EVP_DigestUpdate(&md, data, datalen); |
| 70 | EVP_DigestFinal(&md, digest, NULL); | 68 | EVP_DigestFinal(&md, digest, &dlen); |
| 71 | 69 | ||
| 72 | slen = RSA_size(key->rsa); | 70 | slen = RSA_size(key->rsa); |
| 73 | sig = xmalloc(slen); | 71 | sig = xmalloc(slen); |
| 74 | 72 | ||
| 75 | ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa); | 73 | ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa); |
| 76 | memset(digest, 'd', dlen); | 74 | memset(digest, 'd', sizeof(digest)); |
| 77 | xfree(digest); | ||
| 78 | 75 | ||
| 79 | if (ok != 1) { | 76 | if (ok != 1) { |
| 80 | int ecode = ERR_get_error(); | 77 | int ecode = ERR_get_error(); |
| @@ -120,7 +117,7 @@ ssh_rsa_verify( | |||
| 120 | const EVP_MD *evp_md; | 117 | const EVP_MD *evp_md; |
| 121 | EVP_MD_CTX md; | 118 | EVP_MD_CTX md; |
| 122 | char *ktype; | 119 | char *ktype; |
| 123 | u_char *sigblob, *digest; | 120 | u_char digest[EVP_MAX_MD_SIZE], *sigblob; |
| 124 | u_int len, dlen; | 121 | u_int len, dlen; |
| 125 | int rlen, ret, nid; | 122 | int rlen, ret, nid; |
| 126 | 123 | ||
| @@ -161,15 +158,12 @@ ssh_rsa_verify( | |||
| 161 | xfree(sigblob); | 158 | xfree(sigblob); |
| 162 | return -1; | 159 | return -1; |
| 163 | } | 160 | } |
| 164 | dlen = evp_md->md_size; | ||
| 165 | digest = xmalloc(dlen); | ||
| 166 | EVP_DigestInit(&md, evp_md); | 161 | EVP_DigestInit(&md, evp_md); |
| 167 | EVP_DigestUpdate(&md, data, datalen); | 162 | EVP_DigestUpdate(&md, data, datalen); |
| 168 | EVP_DigestFinal(&md, digest, NULL); | 163 | EVP_DigestFinal(&md, digest, &dlen); |
| 169 | 164 | ||
| 170 | ret = RSA_verify(nid, digest, dlen, sigblob, len, key->rsa); | 165 | ret = RSA_verify(nid, digest, dlen, sigblob, len, key->rsa); |
| 171 | memset(digest, 'd', dlen); | 166 | memset(digest, 'd', sizeof(digest)); |
| 172 | xfree(digest); | ||
| 173 | memset(sigblob, 's', len); | 167 | memset(sigblob, 's', len); |
| 174 | xfree(sigblob); | 168 | xfree(sigblob); |
| 175 | if (ret == 0) { | 169 | if (ret == 0) { |