diff options
Diffstat (limited to 'ssh-dss.c')
-rw-r--r-- | ssh-dss.c | 31 |
1 files changed, 16 insertions, 15 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-dss.c,v 1.29 2013/12/27 22:30:17 djm Exp $ */ | 1 | /* $OpenBSD: ssh-dss.c,v 1.30 2014/01/09 23:20:00 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -38,6 +38,7 @@ | |||
38 | #include "compat.h" | 38 | #include "compat.h" |
39 | #include "log.h" | 39 | #include "log.h" |
40 | #include "key.h" | 40 | #include "key.h" |
41 | #include "digest.h" | ||
41 | 42 | ||
42 | #define INTBLOB_LEN 20 | 43 | #define INTBLOB_LEN 20 |
43 | #define SIGBLOB_LEN (2*INTBLOB_LEN) | 44 | #define SIGBLOB_LEN (2*INTBLOB_LEN) |
@@ -47,10 +48,8 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, | |||
47 | const u_char *data, u_int datalen) | 48 | const u_char *data, u_int datalen) |
48 | { | 49 | { |
49 | DSA_SIG *sig; | 50 | DSA_SIG *sig; |
50 | const EVP_MD *evp_md = EVP_sha1(); | 51 | u_char digest[SSH_DIGEST_MAX_LENGTH], sigblob[SIGBLOB_LEN]; |
51 | EVP_MD_CTX md; | 52 | u_int rlen, slen, len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1); |
52 | u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN]; | ||
53 | u_int rlen, slen, len, dlen; | ||
54 | Buffer b; | 53 | Buffer b; |
55 | 54 | ||
56 | if (key == NULL || key_type_plain(key->type) != KEY_DSA || | 55 | if (key == NULL || key_type_plain(key->type) != KEY_DSA || |
@@ -59,9 +58,11 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, | |||
59 | return -1; | 58 | return -1; |
60 | } | 59 | } |
61 | 60 | ||
62 | EVP_DigestInit(&md, evp_md); | 61 | if (ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen, |
63 | EVP_DigestUpdate(&md, data, datalen); | 62 | digest, sizeof(digest)) != 0) { |
64 | EVP_DigestFinal(&md, digest, &dlen); | 63 | error("%s: ssh_digest_memory failed", __func__); |
64 | return -1; | ||
65 | } | ||
65 | 66 | ||
66 | sig = DSA_do_sign(digest, dlen, key->dsa); | 67 | sig = DSA_do_sign(digest, dlen, key->dsa); |
67 | memset(digest, 'd', sizeof(digest)); | 68 | memset(digest, 'd', sizeof(digest)); |
@@ -111,10 +112,8 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
111 | const u_char *data, u_int datalen) | 112 | const u_char *data, u_int datalen) |
112 | { | 113 | { |
113 | DSA_SIG *sig; | 114 | DSA_SIG *sig; |
114 | const EVP_MD *evp_md = EVP_sha1(); | 115 | u_char digest[SSH_DIGEST_MAX_LENGTH], *sigblob; |
115 | EVP_MD_CTX md; | 116 | u_int len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1); |
116 | u_char digest[EVP_MAX_MD_SIZE], *sigblob; | ||
117 | u_int len, dlen; | ||
118 | int rlen, ret; | 117 | int rlen, ret; |
119 | Buffer b; | 118 | Buffer b; |
120 | 119 | ||
@@ -173,9 +172,11 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
173 | free(sigblob); | 172 | free(sigblob); |
174 | 173 | ||
175 | /* sha1 the data */ | 174 | /* sha1 the data */ |
176 | EVP_DigestInit(&md, evp_md); | 175 | if (ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen, |
177 | EVP_DigestUpdate(&md, data, datalen); | 176 | digest, sizeof(digest)) != 0) { |
178 | EVP_DigestFinal(&md, digest, &dlen); | 177 | error("%s: digest_memory failed", __func__); |
178 | return -1; | ||
179 | } | ||
179 | 180 | ||
180 | ret = DSA_do_verify(digest, dlen, sig, key->dsa); | 181 | ret = DSA_do_verify(digest, dlen, sig, key->dsa); |
181 | memset(digest, 'd', sizeof(digest)); | 182 | memset(digest, 'd', sizeof(digest)); |