1 files changed, 22 insertions, 12 deletions
diff --git a/ssh-rsa.c b/ssh-rsa.c
index 9de0e7b08..a2153bd1a 100644
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-rsa.c,v 1.6 2001/02/08 19:30:52 itojun Exp $");
+RCSID("$OpenBSD: ssh-rsa.c,v 1.7 2001/03/27 10:34:08 markus Exp $");
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -42,27 +42,32 @@ ssh_rsa_sign(
    u_char **sigp, int *lenp,
    u_char *data, int datalen)
 {
-        EVP_MD *evp_md = EVP_sha1();
+        const EVP_MD *evp_md;
        EVP_MD_CTX md;
        u_char *digest, *sig, *ret;
        u_int slen, dlen, len;
-        int ok;
+        int ok, nid;
        Buffer b;
        if (key == NULL || key->type != KEY_RSA || key->rsa == NULL) {
                error("ssh_rsa_sign: no RSA key");
                return -1;
        }
-        slen = RSA_size(key->rsa);
+        nid = NID_sha1;
-        sig = xmalloc(slen);
+        if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
+                error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid);
+                return -1;
+        }
        dlen = evp_md->md_size;
        digest = xmalloc(dlen);
        EVP_DigestInit(&md, evp_md);
        EVP_DigestUpdate(&md, data, datalen);
        EVP_DigestFinal(&md, digest, NULL);
-        ok = RSA_sign(NID_sha1, digest, dlen, sig, &len, key->rsa);
+        slen = RSA_size(key->rsa);
+        sig = xmalloc(slen);
+        ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa);
        memset(digest, 'd', dlen);
        xfree(digest);
@@ -108,13 +113,12 @@ ssh_rsa_verify(
    u_char *data, int datalen)
 {
        Buffer b;
-        EVP_MD *evp_md = EVP_sha1();
+        const EVP_MD *evp_md;
        EVP_MD_CTX md;
        char *ktype;
        u_char *sigblob, *digest;
        u_int len, dlen;
-        int rlen;
+        int rlen, ret, nid;
-        int ret;
        if (key == NULL || key->type != KEY_RSA || key->rsa == NULL) {
                error("ssh_rsa_verify: no RSA key");
@@ -139,17 +143,23 @@ ssh_rsa_verify(
        rlen = buffer_len(&b);
        buffer_free(&b);
        if(rlen != 0) {
+                xfree(sigblob);
                error("ssh_rsa_verify: remaining bytes in signature %d", rlen);
                return -1;
        }
+        nid = NID_sha1;
+        if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
+                xfree(sigblob);
+                error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid);
+                return -1;
+        }
        dlen = evp_md->md_size;
        digest = xmalloc(dlen);
        EVP_DigestInit(&md, evp_md);
        EVP_DigestUpdate(&md, data, datalen);
        EVP_DigestFinal(&md, digest, NULL);
-        ret = RSA_verify(NID_sha1, digest, dlen, sigblob, len, key->rsa);
+        ret = RSA_verify(nid, digest, dlen, sigblob, len, key->rsa);
        memset(digest, 'd', dlen);
        xfree(digest);
        memset(sigblob, 's', len);

diff --git a/ssh-rsa.c b/ssh-rsa.c index 9de0e7b08..a2153bd1a 100644 --- a/ssh-rsa.c +++ b/ssh-rsa.c
@@ -23,7 +23,7 @@
23	*/	23	*/
24		24
25	#include "includes.h"	25	#include "includes.h"
26	RCSID("$OpenBSD: ssh-rsa.c,v 1.6 2001/02/08 19:30:52 itojun Exp $");	26	RCSID("$OpenBSD: ssh-rsa.c,v 1.7 2001/03/27 10:34:08 markus Exp $");
27		27
28	#include <openssl/evp.h>	28	#include <openssl/evp.h>
29	#include <openssl/err.h>	29	#include <openssl/err.h>
@@ -42,27 +42,32 @@ ssh_rsa_sign(
42	u_char *sigp, int lenp,	42	u_char *sigp, int lenp,
43	u_char *data, int datalen)	43	u_char *data, int datalen)
44	{	44	{
45	EVP_MD *evp_md = EVP_sha1();	45	const EVP_MD *evp_md;
46	EVP_MD_CTX md;	46	EVP_MD_CTX md;
47	u_char digest, sig, *ret;	47	u_char digest, sig, *ret;
48	u_int slen, dlen, len;	48	u_int slen, dlen, len;
49	int ok;	49	int ok, nid;
50	Buffer b;	50	Buffer b;
51		51
52	if (key == NULL \|\| key->type != KEY_RSA \|\| key->rsa == NULL) {	52	if (key == NULL \|\| key->type != KEY_RSA \|\| key->rsa == NULL) {
53	error("ssh_rsa_sign: no RSA key");	53	error("ssh_rsa_sign: no RSA key");
54	return -1;	54	return -1;
55	}	55	}
56	slen = RSA_size(key->rsa);	56	nid = NID_sha1;
57	sig = xmalloc(slen);	57	if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
58		58	error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid);
		59	return -1;
		60	}
59	dlen = evp_md->md_size;	61	dlen = evp_md->md_size;
60	digest = xmalloc(dlen);	62	digest = xmalloc(dlen);
61	EVP_DigestInit(&md, evp_md);	63	EVP_DigestInit(&md, evp_md);
62	EVP_DigestUpdate(&md, data, datalen);	64	EVP_DigestUpdate(&md, data, datalen);
63	EVP_DigestFinal(&md, digest, NULL);	65	EVP_DigestFinal(&md, digest, NULL);
64		66
65	ok = RSA_sign(NID_sha1, digest, dlen, sig, &len, key->rsa);	67	slen = RSA_size(key->rsa);
		68	sig = xmalloc(slen);
		69
		70	ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa);
66	memset(digest, 'd', dlen);	71	memset(digest, 'd', dlen);
67	xfree(digest);	72	xfree(digest);
68		73
@@ -108,13 +113,12 @@ ssh_rsa_verify(
108	u_char *data, int datalen)	113	u_char *data, int datalen)
109	{	114	{
110	Buffer b;	115	Buffer b;
111	EVP_MD *evp_md = EVP_sha1();	116	const EVP_MD *evp_md;
112	EVP_MD_CTX md;	117	EVP_MD_CTX md;
113	char *ktype;	118	char *ktype;
114	u_char sigblob, digest;	119	u_char sigblob, digest;
115	u_int len, dlen;	120	u_int len, dlen;
116	int rlen;	121	int rlen, ret, nid;
117	int ret;
118		122
119	if (key == NULL \|\| key->type != KEY_RSA \|\| key->rsa == NULL) {	123	if (key == NULL \|\| key->type != KEY_RSA \|\| key->rsa == NULL) {
120	error("ssh_rsa_verify: no RSA key");	124	error("ssh_rsa_verify: no RSA key");
@@ -139,17 +143,23 @@ ssh_rsa_verify(
139	rlen = buffer_len(&b);	143	rlen = buffer_len(&b);
140	buffer_free(&b);	144	buffer_free(&b);
141	if(rlen != 0) {	145	if(rlen != 0) {
		146	xfree(sigblob);
142	error("ssh_rsa_verify: remaining bytes in signature %d", rlen);	147	error("ssh_rsa_verify: remaining bytes in signature %d", rlen);
143	return -1;	148	return -1;
144	}	149	}
145		150	nid = NID_sha1;
		151	if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
		152	xfree(sigblob);
		153	error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid);
		154	return -1;
		155	}
146	dlen = evp_md->md_size;	156	dlen = evp_md->md_size;
147	digest = xmalloc(dlen);	157	digest = xmalloc(dlen);
148	EVP_DigestInit(&md, evp_md);	158	EVP_DigestInit(&md, evp_md);
149	EVP_DigestUpdate(&md, data, datalen);	159	EVP_DigestUpdate(&md, data, datalen);
150	EVP_DigestFinal(&md, digest, NULL);	160	EVP_DigestFinal(&md, digest, NULL);
151		161
152	ret = RSA_verify(NID_sha1, digest, dlen, sigblob, len, key->rsa);	162	ret = RSA_verify(nid, digest, dlen, sigblob, len, key->rsa);
153	memset(digest, 'd', dlen);	163	memset(digest, 'd', dlen);
154	xfree(digest);	164	xfree(digest);
155	memset(sigblob, 's', len);	165	memset(sigblob, 's', len);