*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-dss.c,v 1.1 2000/11/12 19:50:38 markus Exp $");
+RCSID("$OpenBSD: ssh-dss.c,v 1.6 2001/02/08 19:30:52 itojun Exp $");
+
+#include <openssl/bn.h>
+#include <openssl/evp.h>
-#include "ssh.h"
#include "xmalloc.h"
#include "buffer.h"
#include "bufaux.h"
#include "compat.h"
-
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
-#include <openssl/evp.h>
-
+#include "log.h"
#include "key.h"
+#include "ssh-dss.h"
#define INTBLOB_LEN 20
#define SIGBLOB_LEN (2*INTBLOB_LEN)
int
ssh_dss_sign(
Key *key,
- unsigned char **sigp, int *lenp,
- unsigned char *data, int datalen)
+ u_char **sigp, int *lenp,
+ u_char *data, int datalen)
{
- unsigned char *digest;
- unsigned char *ret;
+ u_char *digest;
+ u_char *ret;
DSA_SIG *sig;
EVP_MD *evp_md = EVP_sha1();
EVP_MD_CTX md;
- unsigned int rlen;
- unsigned int slen;
- unsigned int len;
- unsigned char sigblob[SIGBLOB_LEN];
+ u_int rlen;
+ u_int slen;
+ u_int len, dlen;
+ u_char sigblob[SIGBLOB_LEN];
Buffer b;
if (key == NULL || key->type != KEY_DSA || key->dsa == NULL) {
error("ssh_dss_sign: no DSA key");
return -1;
}
- digest = xmalloc(evp_md->md_size);
+ dlen = evp_md->md_size;
+ digest = xmalloc(dlen);
EVP_DigestInit(&md, evp_md);
EVP_DigestUpdate(&md, data, datalen);
EVP_DigestFinal(&md, digest, NULL);
- sig = DSA_do_sign(digest, evp_md->md_size, key->dsa);
+ sig = DSA_do_sign(digest, dlen, key->dsa);
if (sig == NULL) {
fatal("ssh_dss_sign: cannot sign");
}
+ memset(digest, 0, dlen);
+ xfree(digest);
rlen = BN_num_bytes(sig->r);
slen = BN_num_bytes(sig->s);
int
ssh_dss_verify(
Key *key,
- unsigned char *signature, int signaturelen,
- unsigned char *data, int datalen)
+ u_char *signature, int signaturelen,
+ u_char *data, int datalen)
{
Buffer b;
- unsigned char *digest;
+ u_char *digest;
DSA_SIG *sig;
EVP_MD *evp_md = EVP_sha1();
EVP_MD_CTX md;
- unsigned char *sigblob;
+ u_char *sigblob;
char *txt;
- unsigned int len, dlen;
+ u_int len, dlen;
int rlen;
int ret;
buffer_free(&b);
return -1;
}
- sigblob = (unsigned char *)buffer_get_string(&b, &len);
+ sigblob = (u_char *)buffer_get_string(&b, &len);
rlen = buffer_len(&b);
if(rlen != 0) {
error("remaining bytes in signature %d", rlen);
memset(sigblob, 0, len);
xfree(sigblob);
}
-
+
/* sha1 the data */
dlen = evp_md->md_size;
digest = xmalloc(dlen);