- djm@cvs.openbsd.org 2014/07/03 03:26:43

[digest-openssl.c] use EVP_Digest() for one-shot hash instead of creating, updating, finalising and destroying a context. bz#2231, based on patch from Timo Teras
2014-07-03 21:23:24 +10:00 · 2014-07-03 21:23:24 +10:00 · c174a3b7c1
parent d7ca2cd31e
commit c174a3b7c1
2 changed files with 16 additions and 8 deletions
--- a/5
+++ b/5
@ -20,6 +20,11 @@
     ssh-add fatal()s part-way through (e.g. when listing keys from an
     agent that supports key types that ssh-add doesn't);
     bz#2234, reported by Phil Pennock
   - djm@cvs.openbsd.org 2014/07/03 03:26:43
     [digest-openssl.c]
     use EVP_Digest() for one-shot hash instead of creating, updating,
     finalising and destroying a context.
     bz#2231, based on patch from Timo Teras
 20140702
 - OpenBSD CVS Sync
--- a/digest-openssl.c
+++ b/digest-openssl.c
@ -1,4 +1,4 @@
-/* $OpenBSD: digest-openssl.c,v 1.3 2014/06/24 01:13:21 djm Exp $ */
+/* $OpenBSD: digest-openssl.c,v 1.4 2014/07/03 03:26:43 djm Exp $ */
 /*
 * Copyright (c) 2013 Damien Miller <djm@mindrot.org>
 *
@ -153,15 +153,18 @@ ssh_digest_free(struct ssh_digest_ctx *ctx)
 int
 ssh_digest_memory(int alg, const void *m, size_t mlen, u_char *d, size_t dlen)
 {
-	struct ssh_digest_ctx *ctx = ssh_digest_start(alg);
+	const struct ssh_digest *digest = ssh_digest_by_alg(alg);
-	int r;
+	u_int mdlen;
-	if (ctx == NULL)
+	if (digest == NULL)
 		return SSH_ERR_INVALID_ARGUMENT;
-	if ((r = ssh_digest_update(ctx, m, mlen) != 0) ||
+	if (dlen > UINT_MAX)
-	    (r = ssh_digest_final(ctx, d, dlen) != 0))
+		return SSH_ERR_INVALID_ARGUMENT;
-		return r;
+	if (dlen < digest->digest_len)
-	ssh_digest_free(ctx);
+		return SSH_ERR_INVALID_ARGUMENT;
 	mdlen = dlen;
 	if (!EVP_Digest(m, mlen, d, &mdlen, digest->mdfunc(), NULL))
 		return SSH_ERR_LIBCRYPTO_ERROR;
 	return 0;
 }