diff options
Diffstat (limited to 'ssh-dss.c')
-rw-r--r-- | ssh-dss.c | 20 |
1 files changed, 7 insertions, 13 deletions
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: ssh-dss.c,v 1.11 2001/12/27 18:22:16 markus Exp $"); | 26 | RCSID("$OpenBSD: ssh-dss.c,v 1.12 2002/01/25 21:42:11 markus Exp $"); |
27 | 27 | ||
28 | #include <openssl/bn.h> | 28 | #include <openssl/bn.h> |
29 | #include <openssl/evp.h> | 29 | #include <openssl/evp.h> |
@@ -48,7 +48,7 @@ ssh_dss_sign( | |||
48 | DSA_SIG *sig; | 48 | DSA_SIG *sig; |
49 | EVP_MD *evp_md = EVP_sha1(); | 49 | EVP_MD *evp_md = EVP_sha1(); |
50 | EVP_MD_CTX md; | 50 | EVP_MD_CTX md; |
51 | u_char *digest, *ret, sigblob[SIGBLOB_LEN]; | 51 | u_char *ret, digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN]; |
52 | u_int rlen, slen, len, dlen; | 52 | u_int rlen, slen, len, dlen; |
53 | Buffer b; | 53 | Buffer b; |
54 | 54 | ||
@@ -56,16 +56,13 @@ ssh_dss_sign( | |||
56 | error("ssh_dss_sign: no DSA key"); | 56 | error("ssh_dss_sign: no DSA key"); |
57 | return -1; | 57 | return -1; |
58 | } | 58 | } |
59 | dlen = evp_md->md_size; | ||
60 | digest = xmalloc(dlen); | ||
61 | EVP_DigestInit(&md, evp_md); | 59 | EVP_DigestInit(&md, evp_md); |
62 | EVP_DigestUpdate(&md, data, datalen); | 60 | EVP_DigestUpdate(&md, data, datalen); |
63 | EVP_DigestFinal(&md, digest, NULL); | 61 | EVP_DigestFinal(&md, digest, &dlen); |
64 | 62 | ||
65 | sig = DSA_do_sign(digest, dlen, key->dsa); | 63 | sig = DSA_do_sign(digest, dlen, key->dsa); |
64 | memset(digest, 'd', sizeof(digest)); | ||
66 | 65 | ||
67 | memset(digest, 0, dlen); | ||
68 | xfree(digest); | ||
69 | if (sig == NULL) { | 66 | if (sig == NULL) { |
70 | error("ssh_dss_sign: sign failed"); | 67 | error("ssh_dss_sign: sign failed"); |
71 | return -1; | 68 | return -1; |
@@ -115,7 +112,7 @@ ssh_dss_verify( | |||
115 | DSA_SIG *sig; | 112 | DSA_SIG *sig; |
116 | EVP_MD *evp_md = EVP_sha1(); | 113 | EVP_MD *evp_md = EVP_sha1(); |
117 | EVP_MD_CTX md; | 114 | EVP_MD_CTX md; |
118 | u_char *digest, *sigblob; | 115 | u_char digest[EVP_MAX_MD_SIZE], *sigblob; |
119 | u_int len, dlen; | 116 | u_int len, dlen; |
120 | int rlen, ret; | 117 | int rlen, ret; |
121 | Buffer b; | 118 | Buffer b; |
@@ -173,16 +170,13 @@ ssh_dss_verify( | |||
173 | } | 170 | } |
174 | 171 | ||
175 | /* sha1 the data */ | 172 | /* sha1 the data */ |
176 | dlen = evp_md->md_size; | ||
177 | digest = xmalloc(dlen); | ||
178 | EVP_DigestInit(&md, evp_md); | 173 | EVP_DigestInit(&md, evp_md); |
179 | EVP_DigestUpdate(&md, data, datalen); | 174 | EVP_DigestUpdate(&md, data, datalen); |
180 | EVP_DigestFinal(&md, digest, NULL); | 175 | EVP_DigestFinal(&md, digest, &dlen); |
181 | 176 | ||
182 | ret = DSA_do_verify(digest, dlen, sig, key->dsa); | 177 | ret = DSA_do_verify(digest, dlen, sig, key->dsa); |
178 | memset(digest, 'd', sizeof(digest)); | ||
183 | 179 | ||
184 | memset(digest, 0, dlen); | ||
185 | xfree(digest); | ||
186 | DSA_SIG_free(sig); | 180 | DSA_SIG_free(sig); |
187 | 181 | ||
188 | debug("ssh_dss_verify: signature %s", | 182 | debug("ssh_dss_verify: signature %s", |