diff options
author | Ben Lindstrom <mouring@eviladmin.org> | 2001-03-29 00:31:20 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-03-29 00:31:20 +0000 |
commit | 425fb02f20671c332af7b718d1c0e797ad0699eb (patch) | |
tree | 66a4ac12032a214bcff2d979e97f6915917e08f3 /ssh-rsa.c | |
parent | d09fcf5f6e6905ee2f04b81b6ad97e6d244f5c2a (diff) |
- markus@cvs.openbsd.org 2001/03/27 10:34:08
[ssh-rsa.c sshd.c]
use EVP_get_digestbynid, reorder some calls and fix missing free.
Diffstat (limited to 'ssh-rsa.c')
-rw-r--r-- | ssh-rsa.c | 34 |
1 files changed, 22 insertions, 12 deletions
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: ssh-rsa.c,v 1.6 2001/02/08 19:30:52 itojun Exp $"); | 26 | RCSID("$OpenBSD: ssh-rsa.c,v 1.7 2001/03/27 10:34:08 markus Exp $"); |
27 | 27 | ||
28 | #include <openssl/evp.h> | 28 | #include <openssl/evp.h> |
29 | #include <openssl/err.h> | 29 | #include <openssl/err.h> |
@@ -42,27 +42,32 @@ ssh_rsa_sign( | |||
42 | u_char **sigp, int *lenp, | 42 | u_char **sigp, int *lenp, |
43 | u_char *data, int datalen) | 43 | u_char *data, int datalen) |
44 | { | 44 | { |
45 | EVP_MD *evp_md = EVP_sha1(); | 45 | const EVP_MD *evp_md; |
46 | EVP_MD_CTX md; | 46 | EVP_MD_CTX md; |
47 | u_char *digest, *sig, *ret; | 47 | u_char *digest, *sig, *ret; |
48 | u_int slen, dlen, len; | 48 | u_int slen, dlen, len; |
49 | int ok; | 49 | int ok, nid; |
50 | Buffer b; | 50 | Buffer b; |
51 | 51 | ||
52 | if (key == NULL || key->type != KEY_RSA || key->rsa == NULL) { | 52 | if (key == NULL || key->type != KEY_RSA || key->rsa == NULL) { |
53 | error("ssh_rsa_sign: no RSA key"); | 53 | error("ssh_rsa_sign: no RSA key"); |
54 | return -1; | 54 | return -1; |
55 | } | 55 | } |
56 | slen = RSA_size(key->rsa); | 56 | nid = NID_sha1; |
57 | sig = xmalloc(slen); | 57 | if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { |
58 | 58 | error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid); | |
59 | return -1; | ||
60 | } | ||
59 | dlen = evp_md->md_size; | 61 | dlen = evp_md->md_size; |
60 | digest = xmalloc(dlen); | 62 | digest = xmalloc(dlen); |
61 | EVP_DigestInit(&md, evp_md); | 63 | EVP_DigestInit(&md, evp_md); |
62 | EVP_DigestUpdate(&md, data, datalen); | 64 | EVP_DigestUpdate(&md, data, datalen); |
63 | EVP_DigestFinal(&md, digest, NULL); | 65 | EVP_DigestFinal(&md, digest, NULL); |
64 | 66 | ||
65 | ok = RSA_sign(NID_sha1, digest, dlen, sig, &len, key->rsa); | 67 | slen = RSA_size(key->rsa); |
68 | sig = xmalloc(slen); | ||
69 | |||
70 | ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa); | ||
66 | memset(digest, 'd', dlen); | 71 | memset(digest, 'd', dlen); |
67 | xfree(digest); | 72 | xfree(digest); |
68 | 73 | ||
@@ -108,13 +113,12 @@ ssh_rsa_verify( | |||
108 | u_char *data, int datalen) | 113 | u_char *data, int datalen) |
109 | { | 114 | { |
110 | Buffer b; | 115 | Buffer b; |
111 | EVP_MD *evp_md = EVP_sha1(); | 116 | const EVP_MD *evp_md; |
112 | EVP_MD_CTX md; | 117 | EVP_MD_CTX md; |
113 | char *ktype; | 118 | char *ktype; |
114 | u_char *sigblob, *digest; | 119 | u_char *sigblob, *digest; |
115 | u_int len, dlen; | 120 | u_int len, dlen; |
116 | int rlen; | 121 | int rlen, ret, nid; |
117 | int ret; | ||
118 | 122 | ||
119 | if (key == NULL || key->type != KEY_RSA || key->rsa == NULL) { | 123 | if (key == NULL || key->type != KEY_RSA || key->rsa == NULL) { |
120 | error("ssh_rsa_verify: no RSA key"); | 124 | error("ssh_rsa_verify: no RSA key"); |
@@ -139,17 +143,23 @@ ssh_rsa_verify( | |||
139 | rlen = buffer_len(&b); | 143 | rlen = buffer_len(&b); |
140 | buffer_free(&b); | 144 | buffer_free(&b); |
141 | if(rlen != 0) { | 145 | if(rlen != 0) { |
146 | xfree(sigblob); | ||
142 | error("ssh_rsa_verify: remaining bytes in signature %d", rlen); | 147 | error("ssh_rsa_verify: remaining bytes in signature %d", rlen); |
143 | return -1; | 148 | return -1; |
144 | } | 149 | } |
145 | 150 | nid = NID_sha1; | |
151 | if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { | ||
152 | xfree(sigblob); | ||
153 | error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid); | ||
154 | return -1; | ||
155 | } | ||
146 | dlen = evp_md->md_size; | 156 | dlen = evp_md->md_size; |
147 | digest = xmalloc(dlen); | 157 | digest = xmalloc(dlen); |
148 | EVP_DigestInit(&md, evp_md); | 158 | EVP_DigestInit(&md, evp_md); |
149 | EVP_DigestUpdate(&md, data, datalen); | 159 | EVP_DigestUpdate(&md, data, datalen); |
150 | EVP_DigestFinal(&md, digest, NULL); | 160 | EVP_DigestFinal(&md, digest, NULL); |
151 | 161 | ||
152 | ret = RSA_verify(NID_sha1, digest, dlen, sigblob, len, key->rsa); | 162 | ret = RSA_verify(nid, digest, dlen, sigblob, len, key->rsa); |
153 | memset(digest, 'd', dlen); | 163 | memset(digest, 'd', dlen); |
154 | xfree(digest); | 164 | xfree(digest); |
155 | memset(sigblob, 's', len); | 165 | memset(sigblob, 's', len); |