1 files changed, 38 insertions, 22 deletions
diff --git a/digest-openssl.c b/digest-openssl.c
index 863d37d03..02b170341 100644
--- a/digest-openssl.c
+++ b/digest-openssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: digest-openssl.c,v 1.2 2014/02/02 03:44:31 djm Exp $ */
+/* $OpenBSD: digest-openssl.c,v 1.4 2014/07/03 03:26:43 djm Exp $ */
 /*
 * Copyright (c) 2013 Damien Miller <djm@mindrot.org>
 *
@@ -26,8 +26,18 @@
 #include "openbsd-compat/openssl-compat.h"
-#include "buffer.h"
+#include "sshbuf.h"
 #include "digest.h"
+#include "ssherr.h"
+#ifndef HAVE_EVP_RIPEMD160
+# define EVP_ripemd160 NULL
+#endif /* HAVE_EVP_RIPEMD160 */
+#ifndef HAVE_EVP_SHA256
+# define EVP_sha256 NULL
+# define EVP_sha384 NULL
+# define EVP_sha512 NULL
+#endif /* HAVE_EVP_SHA256 */
 struct ssh_digest_ctx {
        int alg;
@@ -46,11 +56,9 @@ const struct ssh_digest digests[] = {
        { SSH_DIGEST_MD5,       "MD5",          16,     EVP_md5 },
        { SSH_DIGEST_RIPEMD160, "RIPEMD160",    20,     EVP_ripemd160 },
        { SSH_DIGEST_SHA1,      "SHA1",         20,     EVP_sha1 },
-#ifdef HAVE_EVP_SHA256 /* XXX replace with local if missing */
        { SSH_DIGEST_SHA256,    "SHA256",       32,     EVP_sha256 },
        { SSH_DIGEST_SHA384,    "SHA384",       48,     EVP_sha384 },
        { SSH_DIGEST_SHA512,    "SHA512",       64,     EVP_sha512 },
-#endif
        { -1,                   NULL,           0,      NULL },
 };
@@ -61,6 +69,8 @@ ssh_digest_by_alg(int alg)
                return NULL;
        if (digests[alg].id != alg) /* sanity */
                return NULL;
+        if (digests[alg].mdfunc == NULL)
+                return NULL;
        return &(digests[alg]);
 }
@@ -98,9 +108,11 @@ ssh_digest_start(int alg)
 int
 ssh_digest_copy_state(struct ssh_digest_ctx *from, struct ssh_digest_ctx *to)
 {
+        if (from->alg != to->alg)
+                return SSH_ERR_INVALID_ARGUMENT;
        /* we have bcopy-style order while openssl has memcpy-style */
        if (!EVP_MD_CTX_copy_ex(&to->mdctx, &from->mdctx))
-                return -1;
+                return SSH_ERR_LIBCRYPTO_ERROR;
        return 0;
 }
@@ -108,14 +120,14 @@ int
 ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen)
 {
        if (EVP_DigestUpdate(&ctx->mdctx, m, mlen) != 1)
-                return -1;
+                return SSH_ERR_LIBCRYPTO_ERROR;
        return 0;
 }
 int
-ssh_digest_update_buffer(struct ssh_digest_ctx *ctx, const Buffer *b)
+ssh_digest_update_buffer(struct ssh_digest_ctx *ctx, const struct sshbuf *b)
 {
-        return ssh_digest_update(ctx, buffer_ptr(b), buffer_len(b));
+        return ssh_digest_update(ctx, sshbuf_ptr(b), sshbuf_len(b));
 }
 int
@@ -125,13 +137,13 @@ ssh_digest_final(struct ssh_digest_ctx *ctx, u_char *d, size_t dlen)
        u_int l = dlen;
        if (dlen > UINT_MAX)
-                return -1;
+                return SSH_ERR_INVALID_ARGUMENT;
        if (dlen < digest->digest_len) /* No truncation allowed */
-                return -1;
+                return SSH_ERR_INVALID_ARGUMENT;
        if (EVP_DigestFinal_ex(&ctx->mdctx, d, &l) != 1)
-                return -1;
+                return SSH_ERR_LIBCRYPTO_ERROR;
        if (l != digest->digest_len) /* sanity */
-                return -1;
+                return SSH_ERR_INTERNAL_ERROR;
        return 0;
 }
@@ -148,19 +160,23 @@ ssh_digest_free(struct ssh_digest_ctx *ctx)
 int
 ssh_digest_memory(int alg, const void *m, size_t mlen, u_char *d, size_t dlen)
 {
-        struct ssh_digest_ctx *ctx = ssh_digest_start(alg);
+        const struct ssh_digest *digest = ssh_digest_by_alg(alg);
+        u_int mdlen;
-        if (ctx == NULL)
-                return -1;
+        if (digest == NULL)
-        if (ssh_digest_update(ctx, m, mlen) != 0 ||
+                return SSH_ERR_INVALID_ARGUMENT;
-            ssh_digest_final(ctx, d, dlen) != 0)
+        if (dlen > UINT_MAX)
-                return -1;
+                return SSH_ERR_INVALID_ARGUMENT;
-        ssh_digest_free(ctx);
+        if (dlen < digest->digest_len)
+                return SSH_ERR_INVALID_ARGUMENT;
+        mdlen = dlen;
+        if (!EVP_Digest(m, mlen, d, &mdlen, digest->mdfunc(), NULL))
+                return SSH_ERR_LIBCRYPTO_ERROR;
        return 0;
 }
 int
-ssh_digest_buffer(int alg, const Buffer *b, u_char *d, size_t dlen)
+ssh_digest_buffer(int alg, const struct sshbuf *b, u_char *d, size_t dlen)
 {
-        return ssh_digest_memory(alg, buffer_ptr(b), buffer_len(b), d, dlen);
+        return ssh_digest_memory(alg, sshbuf_ptr(b), sshbuf_len(b), d, dlen);
 }

diff --git a/digest-openssl.c b/digest-openssl.c index 863d37d03..02b170341 100644 --- a/digest-openssl.c +++ b/digest-openssl.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: digest-openssl.c,v 1.2 2014/02/02 03:44:31 djm Exp $ */	1	/* $OpenBSD: digest-openssl.c,v 1.4 2014/07/03 03:26:43 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2013 Damien Miller <djm@mindrot.org>	3	* Copyright (c) 2013 Damien Miller <djm@mindrot.org>
4	*	4	*
@@ -26,8 +26,18 @@
26		26
27	#include "openbsd-compat/openssl-compat.h"	27	#include "openbsd-compat/openssl-compat.h"
28		28
29	#include "buffer.h"	29	#include "sshbuf.h"
30	#include "digest.h"	30	#include "digest.h"
		31	#include "ssherr.h"
		32
		33	#ifndef HAVE_EVP_RIPEMD160
		34	# define EVP_ripemd160 NULL
		35	#endif /* HAVE_EVP_RIPEMD160 */
		36	#ifndef HAVE_EVP_SHA256
		37	# define EVP_sha256 NULL
		38	# define EVP_sha384 NULL
		39	# define EVP_sha512 NULL
		40	#endif /* HAVE_EVP_SHA256 */
31		41
32	struct ssh_digest_ctx {	42	struct ssh_digest_ctx {
33	int alg;	43	int alg;
@@ -46,11 +56,9 @@ const struct ssh_digest digests[] = {
46	{ SSH_DIGEST_MD5, "MD5", 16, EVP_md5 },	56	{ SSH_DIGEST_MD5, "MD5", 16, EVP_md5 },
47	{ SSH_DIGEST_RIPEMD160, "RIPEMD160", 20, EVP_ripemd160 },	57	{ SSH_DIGEST_RIPEMD160, "RIPEMD160", 20, EVP_ripemd160 },
48	{ SSH_DIGEST_SHA1, "SHA1", 20, EVP_sha1 },	58	{ SSH_DIGEST_SHA1, "SHA1", 20, EVP_sha1 },
49	#ifdef HAVE_EVP_SHA256 /* XXX replace with local if missing */
50	{ SSH_DIGEST_SHA256, "SHA256", 32, EVP_sha256 },	59	{ SSH_DIGEST_SHA256, "SHA256", 32, EVP_sha256 },
51	{ SSH_DIGEST_SHA384, "SHA384", 48, EVP_sha384 },	60	{ SSH_DIGEST_SHA384, "SHA384", 48, EVP_sha384 },
52	{ SSH_DIGEST_SHA512, "SHA512", 64, EVP_sha512 },	61	{ SSH_DIGEST_SHA512, "SHA512", 64, EVP_sha512 },
53	#endif
54	{ -1, NULL, 0, NULL },	62	{ -1, NULL, 0, NULL },
55	};	63	};
56		64
@@ -61,6 +69,8 @@ ssh_digest_by_alg(int alg)
61	return NULL;	69	return NULL;
62	if (digests[alg].id != alg) /* sanity */	70	if (digests[alg].id != alg) /* sanity */
63	return NULL;	71	return NULL;
		72	if (digests[alg].mdfunc == NULL)
		73	return NULL;
64	return &(digests[alg]);	74	return &(digests[alg]);
65	}	75	}
66		76
@@ -98,9 +108,11 @@ ssh_digest_start(int alg)
98	int	108	int
99	ssh_digest_copy_state(struct ssh_digest_ctx from, struct ssh_digest_ctx to)	109	ssh_digest_copy_state(struct ssh_digest_ctx from, struct ssh_digest_ctx to)
100	{	110	{
		111	if (from->alg != to->alg)
		112	return SSH_ERR_INVALID_ARGUMENT;
101	/* we have bcopy-style order while openssl has memcpy-style */	113	/* we have bcopy-style order while openssl has memcpy-style */
102	if (!EVP_MD_CTX_copy_ex(&to->mdctx, &from->mdctx))	114	if (!EVP_MD_CTX_copy_ex(&to->mdctx, &from->mdctx))
103	return -1;	115	return SSH_ERR_LIBCRYPTO_ERROR;
104	return 0;	116	return 0;
105	}	117	}
106		118
@@ -108,14 +120,14 @@ int
108	ssh_digest_update(struct ssh_digest_ctx ctx, const void m, size_t mlen)	120	ssh_digest_update(struct ssh_digest_ctx ctx, const void m, size_t mlen)
109	{	121	{
110	if (EVP_DigestUpdate(&ctx->mdctx, m, mlen) != 1)	122	if (EVP_DigestUpdate(&ctx->mdctx, m, mlen) != 1)
111	return -1;	123	return SSH_ERR_LIBCRYPTO_ERROR;
112	return 0;	124	return 0;
113	}	125	}
114		126
115	int	127	int
116	ssh_digest_update_buffer(struct ssh_digest_ctx ctx, const Buffer b)	128	ssh_digest_update_buffer(struct ssh_digest_ctx ctx, const struct sshbuf b)
117	{	129	{
118	return ssh_digest_update(ctx, buffer_ptr(b), buffer_len(b));	130	return ssh_digest_update(ctx, sshbuf_ptr(b), sshbuf_len(b));
119	}	131	}
120		132
121	int	133	int
@@ -125,13 +137,13 @@ ssh_digest_final(struct ssh_digest_ctx ctx, u_char d, size_t dlen)
125	u_int l = dlen;	137	u_int l = dlen;
126		138
127	if (dlen > UINT_MAX)	139	if (dlen > UINT_MAX)
128	return -1;	140	return SSH_ERR_INVALID_ARGUMENT;
129	if (dlen < digest->digest_len) /* No truncation allowed */	141	if (dlen < digest->digest_len) /* No truncation allowed */
130	return -1;	142	return SSH_ERR_INVALID_ARGUMENT;
131	if (EVP_DigestFinal_ex(&ctx->mdctx, d, &l) != 1)	143	if (EVP_DigestFinal_ex(&ctx->mdctx, d, &l) != 1)
132	return -1;	144	return SSH_ERR_LIBCRYPTO_ERROR;
133	if (l != digest->digest_len) /* sanity */	145	if (l != digest->digest_len) /* sanity */
134	return -1;	146	return SSH_ERR_INTERNAL_ERROR;
135	return 0;	147	return 0;
136	}	148	}
137		149
@@ -148,19 +160,23 @@ ssh_digest_free(struct ssh_digest_ctx *ctx)
148	int	160	int
149	ssh_digest_memory(int alg, const void m, size_t mlen, u_char d, size_t dlen)	161	ssh_digest_memory(int alg, const void m, size_t mlen, u_char d, size_t dlen)
150	{	162	{
151	struct ssh_digest_ctx *ctx = ssh_digest_start(alg);	163	const struct ssh_digest *digest = ssh_digest_by_alg(alg);
152		164	u_int mdlen;
153	if (ctx == NULL)	165
154	return -1;	166	if (digest == NULL)
155	if (ssh_digest_update(ctx, m, mlen) != 0 \|\|	167	return SSH_ERR_INVALID_ARGUMENT;
156	ssh_digest_final(ctx, d, dlen) != 0)	168	if (dlen > UINT_MAX)
157	return -1;	169	return SSH_ERR_INVALID_ARGUMENT;
158	ssh_digest_free(ctx);	170	if (dlen < digest->digest_len)
		171	return SSH_ERR_INVALID_ARGUMENT;
		172	mdlen = dlen;
		173	if (!EVP_Digest(m, mlen, d, &mdlen, digest->mdfunc(), NULL))
		174	return SSH_ERR_LIBCRYPTO_ERROR;
159	return 0;	175	return 0;
160	}	176	}
161		177
162	int	178	int
163	ssh_digest_buffer(int alg, const Buffer b, u_char d, size_t dlen)	179	ssh_digest_buffer(int alg, const struct sshbuf b, u_char d, size_t dlen)
164	{	180	{
165	return ssh_digest_memory(alg, buffer_ptr(b), buffer_len(b), d, dlen);	181	return ssh_digest_memory(alg, sshbuf_ptr(b), sshbuf_len(b), d, dlen);
166	}	182	}