diff options
Diffstat (limited to 'digest-openssl.c')
-rw-r--r-- | digest-openssl.c | 60 |
1 files changed, 38 insertions, 22 deletions
diff --git a/digest-openssl.c b/digest-openssl.c index 863d37d03..02b170341 100644 --- a/digest-openssl.c +++ b/digest-openssl.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: digest-openssl.c,v 1.2 2014/02/02 03:44:31 djm Exp $ */ | 1 | /* $OpenBSD: digest-openssl.c,v 1.4 2014/07/03 03:26:43 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2013 Damien Miller <djm@mindrot.org> | 3 | * Copyright (c) 2013 Damien Miller <djm@mindrot.org> |
4 | * | 4 | * |
@@ -26,8 +26,18 @@ | |||
26 | 26 | ||
27 | #include "openbsd-compat/openssl-compat.h" | 27 | #include "openbsd-compat/openssl-compat.h" |
28 | 28 | ||
29 | #include "buffer.h" | 29 | #include "sshbuf.h" |
30 | #include "digest.h" | 30 | #include "digest.h" |
31 | #include "ssherr.h" | ||
32 | |||
33 | #ifndef HAVE_EVP_RIPEMD160 | ||
34 | # define EVP_ripemd160 NULL | ||
35 | #endif /* HAVE_EVP_RIPEMD160 */ | ||
36 | #ifndef HAVE_EVP_SHA256 | ||
37 | # define EVP_sha256 NULL | ||
38 | # define EVP_sha384 NULL | ||
39 | # define EVP_sha512 NULL | ||
40 | #endif /* HAVE_EVP_SHA256 */ | ||
31 | 41 | ||
32 | struct ssh_digest_ctx { | 42 | struct ssh_digest_ctx { |
33 | int alg; | 43 | int alg; |
@@ -46,11 +56,9 @@ const struct ssh_digest digests[] = { | |||
46 | { SSH_DIGEST_MD5, "MD5", 16, EVP_md5 }, | 56 | { SSH_DIGEST_MD5, "MD5", 16, EVP_md5 }, |
47 | { SSH_DIGEST_RIPEMD160, "RIPEMD160", 20, EVP_ripemd160 }, | 57 | { SSH_DIGEST_RIPEMD160, "RIPEMD160", 20, EVP_ripemd160 }, |
48 | { SSH_DIGEST_SHA1, "SHA1", 20, EVP_sha1 }, | 58 | { SSH_DIGEST_SHA1, "SHA1", 20, EVP_sha1 }, |
49 | #ifdef HAVE_EVP_SHA256 /* XXX replace with local if missing */ | ||
50 | { SSH_DIGEST_SHA256, "SHA256", 32, EVP_sha256 }, | 59 | { SSH_DIGEST_SHA256, "SHA256", 32, EVP_sha256 }, |
51 | { SSH_DIGEST_SHA384, "SHA384", 48, EVP_sha384 }, | 60 | { SSH_DIGEST_SHA384, "SHA384", 48, EVP_sha384 }, |
52 | { SSH_DIGEST_SHA512, "SHA512", 64, EVP_sha512 }, | 61 | { SSH_DIGEST_SHA512, "SHA512", 64, EVP_sha512 }, |
53 | #endif | ||
54 | { -1, NULL, 0, NULL }, | 62 | { -1, NULL, 0, NULL }, |
55 | }; | 63 | }; |
56 | 64 | ||
@@ -61,6 +69,8 @@ ssh_digest_by_alg(int alg) | |||
61 | return NULL; | 69 | return NULL; |
62 | if (digests[alg].id != alg) /* sanity */ | 70 | if (digests[alg].id != alg) /* sanity */ |
63 | return NULL; | 71 | return NULL; |
72 | if (digests[alg].mdfunc == NULL) | ||
73 | return NULL; | ||
64 | return &(digests[alg]); | 74 | return &(digests[alg]); |
65 | } | 75 | } |
66 | 76 | ||
@@ -98,9 +108,11 @@ ssh_digest_start(int alg) | |||
98 | int | 108 | int |
99 | ssh_digest_copy_state(struct ssh_digest_ctx *from, struct ssh_digest_ctx *to) | 109 | ssh_digest_copy_state(struct ssh_digest_ctx *from, struct ssh_digest_ctx *to) |
100 | { | 110 | { |
111 | if (from->alg != to->alg) | ||
112 | return SSH_ERR_INVALID_ARGUMENT; | ||
101 | /* we have bcopy-style order while openssl has memcpy-style */ | 113 | /* we have bcopy-style order while openssl has memcpy-style */ |
102 | if (!EVP_MD_CTX_copy_ex(&to->mdctx, &from->mdctx)) | 114 | if (!EVP_MD_CTX_copy_ex(&to->mdctx, &from->mdctx)) |
103 | return -1; | 115 | return SSH_ERR_LIBCRYPTO_ERROR; |
104 | return 0; | 116 | return 0; |
105 | } | 117 | } |
106 | 118 | ||
@@ -108,14 +120,14 @@ int | |||
108 | ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen) | 120 | ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen) |
109 | { | 121 | { |
110 | if (EVP_DigestUpdate(&ctx->mdctx, m, mlen) != 1) | 122 | if (EVP_DigestUpdate(&ctx->mdctx, m, mlen) != 1) |
111 | return -1; | 123 | return SSH_ERR_LIBCRYPTO_ERROR; |
112 | return 0; | 124 | return 0; |
113 | } | 125 | } |
114 | 126 | ||
115 | int | 127 | int |
116 | ssh_digest_update_buffer(struct ssh_digest_ctx *ctx, const Buffer *b) | 128 | ssh_digest_update_buffer(struct ssh_digest_ctx *ctx, const struct sshbuf *b) |
117 | { | 129 | { |
118 | return ssh_digest_update(ctx, buffer_ptr(b), buffer_len(b)); | 130 | return ssh_digest_update(ctx, sshbuf_ptr(b), sshbuf_len(b)); |
119 | } | 131 | } |
120 | 132 | ||
121 | int | 133 | int |
@@ -125,13 +137,13 @@ ssh_digest_final(struct ssh_digest_ctx *ctx, u_char *d, size_t dlen) | |||
125 | u_int l = dlen; | 137 | u_int l = dlen; |
126 | 138 | ||
127 | if (dlen > UINT_MAX) | 139 | if (dlen > UINT_MAX) |
128 | return -1; | 140 | return SSH_ERR_INVALID_ARGUMENT; |
129 | if (dlen < digest->digest_len) /* No truncation allowed */ | 141 | if (dlen < digest->digest_len) /* No truncation allowed */ |
130 | return -1; | 142 | return SSH_ERR_INVALID_ARGUMENT; |
131 | if (EVP_DigestFinal_ex(&ctx->mdctx, d, &l) != 1) | 143 | if (EVP_DigestFinal_ex(&ctx->mdctx, d, &l) != 1) |
132 | return -1; | 144 | return SSH_ERR_LIBCRYPTO_ERROR; |
133 | if (l != digest->digest_len) /* sanity */ | 145 | if (l != digest->digest_len) /* sanity */ |
134 | return -1; | 146 | return SSH_ERR_INTERNAL_ERROR; |
135 | return 0; | 147 | return 0; |
136 | } | 148 | } |
137 | 149 | ||
@@ -148,19 +160,23 @@ ssh_digest_free(struct ssh_digest_ctx *ctx) | |||
148 | int | 160 | int |
149 | ssh_digest_memory(int alg, const void *m, size_t mlen, u_char *d, size_t dlen) | 161 | ssh_digest_memory(int alg, const void *m, size_t mlen, u_char *d, size_t dlen) |
150 | { | 162 | { |
151 | struct ssh_digest_ctx *ctx = ssh_digest_start(alg); | 163 | const struct ssh_digest *digest = ssh_digest_by_alg(alg); |
152 | 164 | u_int mdlen; | |
153 | if (ctx == NULL) | 165 | |
154 | return -1; | 166 | if (digest == NULL) |
155 | if (ssh_digest_update(ctx, m, mlen) != 0 || | 167 | return SSH_ERR_INVALID_ARGUMENT; |
156 | ssh_digest_final(ctx, d, dlen) != 0) | 168 | if (dlen > UINT_MAX) |
157 | return -1; | 169 | return SSH_ERR_INVALID_ARGUMENT; |
158 | ssh_digest_free(ctx); | 170 | if (dlen < digest->digest_len) |
171 | return SSH_ERR_INVALID_ARGUMENT; | ||
172 | mdlen = dlen; | ||
173 | if (!EVP_Digest(m, mlen, d, &mdlen, digest->mdfunc(), NULL)) | ||
174 | return SSH_ERR_LIBCRYPTO_ERROR; | ||
159 | return 0; | 175 | return 0; |
160 | } | 176 | } |
161 | 177 | ||
162 | int | 178 | int |
163 | ssh_digest_buffer(int alg, const Buffer *b, u_char *d, size_t dlen) | 179 | ssh_digest_buffer(int alg, const struct sshbuf *b, u_char *d, size_t dlen) |
164 | { | 180 | { |
165 | return ssh_digest_memory(alg, buffer_ptr(b), buffer_len(b), d, dlen); | 181 | return ssh_digest_memory(alg, sshbuf_ptr(b), sshbuf_len(b), d, dlen); |
166 | } | 182 | } |