diff options
| author | Damien Miller <djm@mindrot.org> | 2002-02-05 11:53:43 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2002-02-05 11:53:43 +1100 |
| commit | c516e928cdaf2ea3dd666a79d4c89a942b242d68 (patch) | |
| tree | b34d1e8c6610fc9768f546a1557df1efe3a14a68 /ssh-rsa.c | |
| parent | 3a8262ffcc04afca626d457da65fc1076681073c (diff) | |
- markus@cvs.openbsd.org 2002/01/25 21:42:11
[ssh-dss.c ssh-rsa.c]
use static EVP_MAX_MD_SIZE buffers for EVP_DigestFinal; ok stevesk@
don't use evp_md->md_size, it's not public.
Diffstat (limited to 'ssh-rsa.c')
| -rw-r--r-- | ssh-rsa.c | 20 |
1 files changed, 7 insertions, 13 deletions
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: ssh-rsa.c,v 1.14 2001/12/05 10:06:12 deraadt Exp $"); | 26 | RCSID("$OpenBSD: ssh-rsa.c,v 1.15 2002/01/25 21:42:11 markus Exp $"); |
| 27 | 27 | ||
| 28 | #include <openssl/evp.h> | 28 | #include <openssl/evp.h> |
| 29 | #include <openssl/err.h> | 29 | #include <openssl/err.h> |
| @@ -45,7 +45,7 @@ ssh_rsa_sign( | |||
| 45 | { | 45 | { |
| 46 | const EVP_MD *evp_md; | 46 | const EVP_MD *evp_md; |
| 47 | EVP_MD_CTX md; | 47 | EVP_MD_CTX md; |
| 48 | u_char *digest, *sig, *ret; | 48 | u_char digest[EVP_MAX_MD_SIZE], *sig, *ret; |
| 49 | u_int slen, dlen, len; | 49 | u_int slen, dlen, len; |
| 50 | int ok, nid; | 50 | int ok, nid; |
| 51 | Buffer b; | 51 | Buffer b; |
| @@ -63,18 +63,15 @@ ssh_rsa_sign( | |||
| 63 | error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid); | 63 | error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid); |
| 64 | return -1; | 64 | return -1; |
| 65 | } | 65 | } |
| 66 | dlen = evp_md->md_size; | ||
| 67 | digest = xmalloc(dlen); | ||
| 68 | EVP_DigestInit(&md, evp_md); | 66 | EVP_DigestInit(&md, evp_md); |
| 69 | EVP_DigestUpdate(&md, data, datalen); | 67 | EVP_DigestUpdate(&md, data, datalen); |
| 70 | EVP_DigestFinal(&md, digest, NULL); | 68 | EVP_DigestFinal(&md, digest, &dlen); |
| 71 | 69 | ||
| 72 | slen = RSA_size(key->rsa); | 70 | slen = RSA_size(key->rsa); |
| 73 | sig = xmalloc(slen); | 71 | sig = xmalloc(slen); |
| 74 | 72 | ||
| 75 | ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa); | 73 | ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa); |
| 76 | memset(digest, 'd', dlen); | 74 | memset(digest, 'd', sizeof(digest)); |
| 77 | xfree(digest); | ||
| 78 | 75 | ||
| 79 | if (ok != 1) { | 76 | if (ok != 1) { |
| 80 | int ecode = ERR_get_error(); | 77 | int ecode = ERR_get_error(); |
| @@ -120,7 +117,7 @@ ssh_rsa_verify( | |||
| 120 | const EVP_MD *evp_md; | 117 | const EVP_MD *evp_md; |
| 121 | EVP_MD_CTX md; | 118 | EVP_MD_CTX md; |
| 122 | char *ktype; | 119 | char *ktype; |
| 123 | u_char *sigblob, *digest; | 120 | u_char digest[EVP_MAX_MD_SIZE], *sigblob; |
| 124 | u_int len, dlen; | 121 | u_int len, dlen; |
| 125 | int rlen, ret, nid; | 122 | int rlen, ret, nid; |
| 126 | 123 | ||
| @@ -161,15 +158,12 @@ ssh_rsa_verify( | |||
| 161 | xfree(sigblob); | 158 | xfree(sigblob); |
| 162 | return -1; | 159 | return -1; |
| 163 | } | 160 | } |
| 164 | dlen = evp_md->md_size; | ||
| 165 | digest = xmalloc(dlen); | ||
| 166 | EVP_DigestInit(&md, evp_md); | 161 | EVP_DigestInit(&md, evp_md); |
| 167 | EVP_DigestUpdate(&md, data, datalen); | 162 | EVP_DigestUpdate(&md, data, datalen); |
| 168 | EVP_DigestFinal(&md, digest, NULL); | 163 | EVP_DigestFinal(&md, digest, &dlen); |
| 169 | 164 | ||
| 170 | ret = RSA_verify(nid, digest, dlen, sigblob, len, key->rsa); | 165 | ret = RSA_verify(nid, digest, dlen, sigblob, len, key->rsa); |
| 171 | memset(digest, 'd', dlen); | 166 | memset(digest, 'd', sizeof(digest)); |
| 172 | xfree(digest); | ||
| 173 | memset(sigblob, 's', len); | 167 | memset(sigblob, 's', len); |
| 174 | xfree(sigblob); | 168 | xfree(sigblob); |
| 175 | if (ret == 0) { | 169 | if (ret == 0) { |