diff options
author | Damien Miller <djm@mindrot.org> | 2002-02-05 11:53:43 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2002-02-05 11:53:43 +1100 |
commit | c516e928cdaf2ea3dd666a79d4c89a942b242d68 (patch) | |
tree | b34d1e8c6610fc9768f546a1557df1efe3a14a68 /ssh-rsa.c | |
parent | 3a8262ffcc04afca626d457da65fc1076681073c (diff) |
- markus@cvs.openbsd.org 2002/01/25 21:42:11
[ssh-dss.c ssh-rsa.c]
use static EVP_MAX_MD_SIZE buffers for EVP_DigestFinal; ok stevesk@
don't use evp_md->md_size, it's not public.
Diffstat (limited to 'ssh-rsa.c')
-rw-r--r-- | ssh-rsa.c | 20 |
1 files changed, 7 insertions, 13 deletions
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: ssh-rsa.c,v 1.14 2001/12/05 10:06:12 deraadt Exp $"); | 26 | RCSID("$OpenBSD: ssh-rsa.c,v 1.15 2002/01/25 21:42:11 markus Exp $"); |
27 | 27 | ||
28 | #include <openssl/evp.h> | 28 | #include <openssl/evp.h> |
29 | #include <openssl/err.h> | 29 | #include <openssl/err.h> |
@@ -45,7 +45,7 @@ ssh_rsa_sign( | |||
45 | { | 45 | { |
46 | const EVP_MD *evp_md; | 46 | const EVP_MD *evp_md; |
47 | EVP_MD_CTX md; | 47 | EVP_MD_CTX md; |
48 | u_char *digest, *sig, *ret; | 48 | u_char digest[EVP_MAX_MD_SIZE], *sig, *ret; |
49 | u_int slen, dlen, len; | 49 | u_int slen, dlen, len; |
50 | int ok, nid; | 50 | int ok, nid; |
51 | Buffer b; | 51 | Buffer b; |
@@ -63,18 +63,15 @@ ssh_rsa_sign( | |||
63 | error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid); | 63 | error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid); |
64 | return -1; | 64 | return -1; |
65 | } | 65 | } |
66 | dlen = evp_md->md_size; | ||
67 | digest = xmalloc(dlen); | ||
68 | EVP_DigestInit(&md, evp_md); | 66 | EVP_DigestInit(&md, evp_md); |
69 | EVP_DigestUpdate(&md, data, datalen); | 67 | EVP_DigestUpdate(&md, data, datalen); |
70 | EVP_DigestFinal(&md, digest, NULL); | 68 | EVP_DigestFinal(&md, digest, &dlen); |
71 | 69 | ||
72 | slen = RSA_size(key->rsa); | 70 | slen = RSA_size(key->rsa); |
73 | sig = xmalloc(slen); | 71 | sig = xmalloc(slen); |
74 | 72 | ||
75 | ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa); | 73 | ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa); |
76 | memset(digest, 'd', dlen); | 74 | memset(digest, 'd', sizeof(digest)); |
77 | xfree(digest); | ||
78 | 75 | ||
79 | if (ok != 1) { | 76 | if (ok != 1) { |
80 | int ecode = ERR_get_error(); | 77 | int ecode = ERR_get_error(); |
@@ -120,7 +117,7 @@ ssh_rsa_verify( | |||
120 | const EVP_MD *evp_md; | 117 | const EVP_MD *evp_md; |
121 | EVP_MD_CTX md; | 118 | EVP_MD_CTX md; |
122 | char *ktype; | 119 | char *ktype; |
123 | u_char *sigblob, *digest; | 120 | u_char digest[EVP_MAX_MD_SIZE], *sigblob; |
124 | u_int len, dlen; | 121 | u_int len, dlen; |
125 | int rlen, ret, nid; | 122 | int rlen, ret, nid; |
126 | 123 | ||
@@ -161,15 +158,12 @@ ssh_rsa_verify( | |||
161 | xfree(sigblob); | 158 | xfree(sigblob); |
162 | return -1; | 159 | return -1; |
163 | } | 160 | } |
164 | dlen = evp_md->md_size; | ||
165 | digest = xmalloc(dlen); | ||
166 | EVP_DigestInit(&md, evp_md); | 161 | EVP_DigestInit(&md, evp_md); |
167 | EVP_DigestUpdate(&md, data, datalen); | 162 | EVP_DigestUpdate(&md, data, datalen); |
168 | EVP_DigestFinal(&md, digest, NULL); | 163 | EVP_DigestFinal(&md, digest, &dlen); |
169 | 164 | ||
170 | ret = RSA_verify(nid, digest, dlen, sigblob, len, key->rsa); | 165 | ret = RSA_verify(nid, digest, dlen, sigblob, len, key->rsa); |
171 | memset(digest, 'd', dlen); | 166 | memset(digest, 'd', sizeof(digest)); |
172 | xfree(digest); | ||
173 | memset(sigblob, 's', len); | 167 | memset(sigblob, 's', len); |
174 | xfree(sigblob); | 168 | xfree(sigblob); |
175 | if (ret == 0) { | 169 | if (ret == 0) { |