summaryrefslogtreecommitdiff
path: root/ssh-ecdsa.c
diff options
context:
space:
mode:
Diffstat (limited to 'ssh-ecdsa.c')
-rw-r--r--ssh-ecdsa.c42
1 files changed, 26 insertions, 16 deletions
diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c
index 52f9e74c0..10ad9da60 100644
--- a/ssh-ecdsa.c
+++ b/ssh-ecdsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-ecdsa.c,v 1.7 2013/12/27 22:30:17 djm Exp $ */ 1/* $OpenBSD: ssh-ecdsa.c,v 1.8 2014/01/09 23:20:00 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * Copyright (c) 2010 Damien Miller. All rights reserved. 4 * Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -42,15 +42,15 @@
42#include "compat.h" 42#include "compat.h"
43#include "log.h" 43#include "log.h"
44#include "key.h" 44#include "key.h"
45#include "digest.h"
45 46
46int 47int
47ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, 48ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp,
48 const u_char *data, u_int datalen) 49 const u_char *data, u_int datalen)
49{ 50{
50 ECDSA_SIG *sig; 51 ECDSA_SIG *sig;
51 const EVP_MD *evp_md; 52 int hash_alg;
52 EVP_MD_CTX md; 53 u_char digest[SSH_DIGEST_MAX_LENGTH];
53 u_char digest[EVP_MAX_MD_SIZE];
54 u_int len, dlen; 54 u_int len, dlen;
55 Buffer b, bb; 55 Buffer b, bb;
56 56
@@ -60,10 +60,16 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp,
60 return -1; 60 return -1;
61 } 61 }
62 62
63 evp_md = key_ec_nid_to_evpmd(key->ecdsa_nid); 63 hash_alg = key_ec_nid_to_hash_alg(key->ecdsa_nid);
64 EVP_DigestInit(&md, evp_md); 64 if ((dlen = ssh_digest_bytes(hash_alg)) == 0) {
65 EVP_DigestUpdate(&md, data, datalen); 65 error("%s: bad hash algorithm %d", __func__, hash_alg);
66 EVP_DigestFinal(&md, digest, &dlen); 66 return -1;
67 }
68 if (ssh_digest_memory(hash_alg, data, datalen,
69 digest, sizeof(digest)) != 0) {
70 error("%s: digest_memory failed", __func__);
71 return -1;
72 }
67 73
68 sig = ECDSA_do_sign(digest, dlen, key->ecdsa); 74 sig = ECDSA_do_sign(digest, dlen, key->ecdsa);
69 memset(digest, 'd', sizeof(digest)); 75 memset(digest, 'd', sizeof(digest));
@@ -98,9 +104,8 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
98 const u_char *data, u_int datalen) 104 const u_char *data, u_int datalen)
99{ 105{
100 ECDSA_SIG *sig; 106 ECDSA_SIG *sig;
101 const EVP_MD *evp_md; 107 int hash_alg;
102 EVP_MD_CTX md; 108 u_char digest[SSH_DIGEST_MAX_LENGTH], *sigblob;
103 u_char digest[EVP_MAX_MD_SIZE], *sigblob;
104 u_int len, dlen; 109 u_int len, dlen;
105 int rlen, ret; 110 int rlen, ret;
106 Buffer b, bb; 111 Buffer b, bb;
@@ -112,8 +117,6 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
112 return -1; 117 return -1;
113 } 118 }
114 119
115 evp_md = key_ec_nid_to_evpmd(key->ecdsa_nid);
116
117 /* fetch signature */ 120 /* fetch signature */
118 buffer_init(&b); 121 buffer_init(&b);
119 buffer_append(&b, signature, signaturelen); 122 buffer_append(&b, signature, signaturelen);
@@ -154,9 +157,16 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
154 free(sigblob); 157 free(sigblob);
155 158
156 /* hash the data */ 159 /* hash the data */
157 EVP_DigestInit(&md, evp_md); 160 hash_alg = key_ec_nid_to_hash_alg(key->ecdsa_nid);
158 EVP_DigestUpdate(&md, data, datalen); 161 if ((dlen = ssh_digest_bytes(hash_alg)) == 0) {
159 EVP_DigestFinal(&md, digest, &dlen); 162 error("%s: bad hash algorithm %d", __func__, hash_alg);
163 return -1;
164 }
165 if (ssh_digest_memory(hash_alg, data, datalen,
166 digest, sizeof(digest)) != 0) {
167 error("%s: digest_memory failed", __func__);
168 return -1;
169 }
160 170
161 ret = ECDSA_do_verify(digest, dlen, sig, key->ecdsa); 171 ret = ECDSA_do_verify(digest, dlen, sig, key->ecdsa);
162 memset(digest, 'd', sizeof(digest)); 172 memset(digest, 'd', sizeof(digest));
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-09 22:58:33 +0000