- markus@cvs.openbsd.org 2002/01/25 21:42:11
[ssh-dss.c ssh-rsa.c]
use static EVP_MAX_MD_SIZE buffers for EVP_DigestFinal; ok stevesk@
don't use evp_md->md_size, it's not public.
This commit is contained in:
Damien Miller
parent
3a8262ffcc
commit
c516e928cd
|
|
@ -10,6 +10,10 @@
|
|||
- markus@cvs.openbsd.org 2002/01/25 21:00:24
|
||||
[sshconnect2.c]
|
||||
unused include
|
||||
- markus@cvs.openbsd.org 2002/01/25 21:42:11
|
||||
[ssh-dss.c ssh-rsa.c]
|
||||
use static EVP_MAX_MD_SIZE buffers for EVP_DigestFinal; ok stevesk@
|
||||
don't use evp_md->md_size, it's not public.
|
||||
|
||||
20020130
|
||||
- (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@
|
||||
|
|
@ -7412,4 +7416,4 @@
|
|||
- Wrote replacements for strlcpy and mkdtemp
|
||||
- Released 1.0pre1
|
||||
|
||||
$Id: ChangeLog,v 1.1801 2002/02/05 00:53:15 djm Exp $
|
||||
$Id: ChangeLog,v 1.1802 2002/02/05 00:53:43 djm Exp $
|
||||
|
|
|
|||
20
ssh-dss.c
20
ssh-dss.c
|
|
@ -23,7 +23,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: ssh-dss.c,v 1.11 2001/12/27 18:22:16 markus Exp $");
|
||||
RCSID("$OpenBSD: ssh-dss.c,v 1.12 2002/01/25 21:42:11 markus Exp $");
|
||||
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/evp.h>
|
||||
|
|
@ -48,7 +48,7 @@ ssh_dss_sign(
|
|||
DSA_SIG *sig;
|
||||
EVP_MD *evp_md = EVP_sha1();
|
||||
EVP_MD_CTX md;
|
||||
u_char *digest, *ret, sigblob[SIGBLOB_LEN];
|
||||
u_char *ret, digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN];
|
||||
u_int rlen, slen, len, dlen;
|
||||
Buffer b;
|
||||
|
||||
|
|
@ -56,16 +56,13 @@ ssh_dss_sign(
|
|||
error("ssh_dss_sign: no DSA key");
|
||||
return -1;
|
||||
}
|
||||
dlen = evp_md->md_size;
|
||||
digest = xmalloc(dlen);
|
||||
EVP_DigestInit(&md, evp_md);
|
||||
EVP_DigestUpdate(&md, data, datalen);
|
||||
EVP_DigestFinal(&md, digest, NULL);
|
||||
EVP_DigestFinal(&md, digest, &dlen);
|
||||
|
||||
sig = DSA_do_sign(digest, dlen, key->dsa);
|
||||
memset(digest, 'd', sizeof(digest));
|
||||
|
||||
memset(digest, 0, dlen);
|
||||
xfree(digest);
|
||||
if (sig == NULL) {
|
||||
error("ssh_dss_sign: sign failed");
|
||||
return -1;
|
||||
|
|
@ -115,7 +112,7 @@ ssh_dss_verify(
|
|||
DSA_SIG *sig;
|
||||
EVP_MD *evp_md = EVP_sha1();
|
||||
EVP_MD_CTX md;
|
||||
u_char *digest, *sigblob;
|
||||
u_char digest[EVP_MAX_MD_SIZE], *sigblob;
|
||||
u_int len, dlen;
|
||||
int rlen, ret;
|
||||
Buffer b;
|
||||
|
|
@ -173,16 +170,13 @@ ssh_dss_verify(
|
|||
}
|
||||
|
||||
/* sha1 the data */
|
||||
dlen = evp_md->md_size;
|
||||
digest = xmalloc(dlen);
|
||||
EVP_DigestInit(&md, evp_md);
|
||||
EVP_DigestUpdate(&md, data, datalen);
|
||||
EVP_DigestFinal(&md, digest, NULL);
|
||||
EVP_DigestFinal(&md, digest, &dlen);
|
||||
|
||||
ret = DSA_do_verify(digest, dlen, sig, key->dsa);
|
||||
memset(digest, 'd', sizeof(digest));
|
||||
|
||||
memset(digest, 0, dlen);
|
||||
xfree(digest);
|
||||
DSA_SIG_free(sig);
|
||||
|
||||
debug("ssh_dss_verify: signature %s",
|
||||
|
|
|
|||
20
ssh-rsa.c
20
ssh-rsa.c
|
|
@ -23,7 +23,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: ssh-rsa.c,v 1.14 2001/12/05 10:06:12 deraadt Exp $");
|
||||
RCSID("$OpenBSD: ssh-rsa.c,v 1.15 2002/01/25 21:42:11 markus Exp $");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/err.h>
|
||||
|
|
@ -45,7 +45,7 @@ ssh_rsa_sign(
|
|||
{
|
||||
const EVP_MD *evp_md;
|
||||
EVP_MD_CTX md;
|
||||
u_char *digest, *sig, *ret;
|
||||
u_char digest[EVP_MAX_MD_SIZE], *sig, *ret;
|
||||
u_int slen, dlen, len;
|
||||
int ok, nid;
|
||||
Buffer b;
|
||||
|
|
@ -63,18 +63,15 @@ ssh_rsa_sign(
|
|||
error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid);
|
||||
return -1;
|
||||
}
|
||||
dlen = evp_md->md_size;
|
||||
digest = xmalloc(dlen);
|
||||
EVP_DigestInit(&md, evp_md);
|
||||
EVP_DigestUpdate(&md, data, datalen);
|
||||
EVP_DigestFinal(&md, digest, NULL);
|
||||
EVP_DigestFinal(&md, digest, &dlen);
|
||||
|
||||
slen = RSA_size(key->rsa);
|
||||
sig = xmalloc(slen);
|
||||
|
||||
ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa);
|
||||
memset(digest, 'd', dlen);
|
||||
xfree(digest);
|
||||
memset(digest, 'd', sizeof(digest));
|
||||
|
||||
if (ok != 1) {
|
||||
int ecode = ERR_get_error();
|
||||
|
|
@ -120,7 +117,7 @@ ssh_rsa_verify(
|
|||
const EVP_MD *evp_md;
|
||||
EVP_MD_CTX md;
|
||||
char *ktype;
|
||||
u_char *sigblob, *digest;
|
||||
u_char digest[EVP_MAX_MD_SIZE], *sigblob;
|
||||
u_int len, dlen;
|
||||
int rlen, ret, nid;
|
||||
|
||||
|
|
@ -161,15 +158,12 @@ ssh_rsa_verify(
|
|||
xfree(sigblob);
|
||||
return -1;
|
||||
}
|
||||
dlen = evp_md->md_size;
|
||||
digest = xmalloc(dlen);
|
||||
EVP_DigestInit(&md, evp_md);
|
||||
EVP_DigestUpdate(&md, data, datalen);
|
||||
EVP_DigestFinal(&md, digest, NULL);
|
||||
EVP_DigestFinal(&md, digest, &dlen);
|
||||
|
||||
ret = RSA_verify(nid, digest, dlen, sigblob, len, key->rsa);
|
||||
memset(digest, 'd', dlen);
|
||||
xfree(digest);
|
||||
memset(digest, 'd', sizeof(digest));
|
||||
memset(sigblob, 's', len);
|
||||
xfree(sigblob);
|
||||
if (ret == 0) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue