summaryrefslogtreecommitdiff
path: root/ssh-ecdsa.c
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2018-09-13 02:08:33 +0000
committerDamien Miller <djm@mindrot.org>2018-09-13 12:12:33 +1000
commit482d23bcacdd3664f21cc82a5135f66fc598275f (patch)
tree362f697a94da0a765d1dabcfbf33370b2a4df121 /ssh-ecdsa.c
parentd70d061828730a56636ab6f1f24fe4a8ccefcfc1 (diff)
upstream: hold our collective noses and use the openssl-1.1.x API in
OpenSSH; feedback and ok tb@ jsing@ markus@ OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417
Diffstat (limited to 'ssh-ecdsa.c')
-rw-r--r--ssh-ecdsa.c23
1 files changed, 18 insertions, 5 deletions
diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c
index 3d3b78d7b..9e92af044 100644
--- a/ssh-ecdsa.c
+++ b/ssh-ecdsa.c
@@ -49,6 +49,7 @@ ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
49 const u_char *data, size_t datalen, u_int compat) 49 const u_char *data, size_t datalen, u_int compat)
50{ 50{
51 ECDSA_SIG *sig = NULL; 51 ECDSA_SIG *sig = NULL;
52 const BIGNUM *sig_r, *sig_s;
52 int hash_alg; 53 int hash_alg;
53 u_char digest[SSH_DIGEST_MAX_LENGTH]; 54 u_char digest[SSH_DIGEST_MAX_LENGTH];
54 size_t len, dlen; 55 size_t len, dlen;
@@ -80,8 +81,9 @@ ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
80 ret = SSH_ERR_ALLOC_FAIL; 81 ret = SSH_ERR_ALLOC_FAIL;
81 goto out; 82 goto out;
82 } 83 }
83 if ((ret = sshbuf_put_bignum2(bb, sig->r)) != 0 || 84 ECDSA_SIG_get0(sig, &sig_r, &sig_s);
84 (ret = sshbuf_put_bignum2(bb, sig->s)) != 0) 85 if ((ret = sshbuf_put_bignum2(bb, sig_r)) != 0 ||
86 (ret = sshbuf_put_bignum2(bb, sig_s)) != 0)
85 goto out; 87 goto out;
86 if ((ret = sshbuf_put_cstring(b, sshkey_ssh_name_plain(key))) != 0 || 88 if ((ret = sshbuf_put_cstring(b, sshkey_ssh_name_plain(key))) != 0 ||
87 (ret = sshbuf_put_stringb(b, bb)) != 0) 89 (ret = sshbuf_put_stringb(b, bb)) != 0)
@@ -112,6 +114,7 @@ ssh_ecdsa_verify(const struct sshkey *key,
112 const u_char *data, size_t datalen, u_int compat) 114 const u_char *data, size_t datalen, u_int compat)
113{ 115{
114 ECDSA_SIG *sig = NULL; 116 ECDSA_SIG *sig = NULL;
117 BIGNUM *sig_r = NULL, *sig_s = NULL;
115 int hash_alg; 118 int hash_alg;
116 u_char digest[SSH_DIGEST_MAX_LENGTH]; 119 u_char digest[SSH_DIGEST_MAX_LENGTH];
117 size_t dlen; 120 size_t dlen;
@@ -146,15 +149,23 @@ ssh_ecdsa_verify(const struct sshkey *key,
146 } 149 }
147 150
148 /* parse signature */ 151 /* parse signature */
149 if ((sig = ECDSA_SIG_new()) == NULL) { 152 if ((sig = ECDSA_SIG_new()) == NULL ||
153 (sig_r = BN_new()) == NULL ||
154 (sig_s = BN_new()) == NULL) {
150 ret = SSH_ERR_ALLOC_FAIL; 155 ret = SSH_ERR_ALLOC_FAIL;
151 goto out; 156 goto out;
152 } 157 }
153 if (sshbuf_get_bignum2(sigbuf, sig->r) != 0 || 158 if (sshbuf_get_bignum2(sigbuf, sig_r) != 0 ||
154 sshbuf_get_bignum2(sigbuf, sig->s) != 0) { 159 sshbuf_get_bignum2(sigbuf, sig_s) != 0) {
155 ret = SSH_ERR_INVALID_FORMAT; 160 ret = SSH_ERR_INVALID_FORMAT;
156 goto out; 161 goto out;
157 } 162 }
163 if (!ECDSA_SIG_set0(sig, sig_r, sig_s)) {
164 ret = SSH_ERR_LIBCRYPTO_ERROR;
165 goto out;
166 }
167 sig_r = sig_s = NULL; /* transferred */
168
158 if (sshbuf_len(sigbuf) != 0) { 169 if (sshbuf_len(sigbuf) != 0) {
159 ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; 170 ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
160 goto out; 171 goto out;
@@ -180,6 +191,8 @@ ssh_ecdsa_verify(const struct sshkey *key,
180 sshbuf_free(sigbuf); 191 sshbuf_free(sigbuf);
181 sshbuf_free(b); 192 sshbuf_free(b);
182 ECDSA_SIG_free(sig); 193 ECDSA_SIG_free(sig);
194 BN_clear_free(sig_r);
195 BN_clear_free(sig_s);
183 free(ktype); 196 free(ktype);
184 return ret; 197 return ret;
185} 198}
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-10 12:49:25 +0000