- markus@cvs.openbsd.org 2002/01/25 21:00:24
[sshconnect2.c]
unused include
+ - markus@cvs.openbsd.org 2002/01/25 21:42:11
+ [ssh-dss.c ssh-rsa.c]
+ use static EVP_MAX_MD_SIZE buffers for EVP_DigestFinal; ok stevesk@
+ don't use evp_md->md_size, it's not public.
20020130
- (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-dss.c,v 1.11 2001/12/27 18:22:16 markus Exp $");
+RCSID("$OpenBSD: ssh-dss.c,v 1.12 2002/01/25 21:42:11 markus Exp $");
#include <openssl/bn.h>
#include <openssl/evp.h>
DSA_SIG *sig;
EVP_MD *evp_md = EVP_sha1();
EVP_MD_CTX md;
- u_char *digest, *ret, sigblob[SIGBLOB_LEN];
+ u_char *ret, digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN];
u_int rlen, slen, len, dlen;
Buffer b;
error("ssh_dss_sign: no DSA key");
return -1;
}
- dlen = evp_md->md_size;
- digest = xmalloc(dlen);
EVP_DigestInit(&md, evp_md);
EVP_DigestUpdate(&md, data, datalen);
- EVP_DigestFinal(&md, digest, NULL);
+ EVP_DigestFinal(&md, digest, &dlen);
sig = DSA_do_sign(digest, dlen, key->dsa);
+ memset(digest, 'd', sizeof(digest));
- memset(digest, 0, dlen);
- xfree(digest);
if (sig == NULL) {
error("ssh_dss_sign: sign failed");
return -1;
DSA_SIG *sig;
EVP_MD *evp_md = EVP_sha1();
EVP_MD_CTX md;
- u_char *digest, *sigblob;
+ u_char digest[EVP_MAX_MD_SIZE], *sigblob;
u_int len, dlen;
int rlen, ret;
Buffer b;
}
/* sha1 the data */
- dlen = evp_md->md_size;
- digest = xmalloc(dlen);
EVP_DigestInit(&md, evp_md);
EVP_DigestUpdate(&md, data, datalen);
- EVP_DigestFinal(&md, digest, NULL);
+ EVP_DigestFinal(&md, digest, &dlen);
ret = DSA_do_verify(digest, dlen, sig, key->dsa);
+ memset(digest, 'd', sizeof(digest));
- memset(digest, 0, dlen);
- xfree(digest);
DSA_SIG_free(sig);
debug("ssh_dss_verify: signature %s",
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-rsa.c,v 1.14 2001/12/05 10:06:12 deraadt Exp $");
+RCSID("$OpenBSD: ssh-rsa.c,v 1.15 2002/01/25 21:42:11 markus Exp $");
#include <openssl/evp.h>
#include <openssl/err.h>
{
const EVP_MD *evp_md;
EVP_MD_CTX md;
- u_char *digest, *sig, *ret;
+ u_char digest[EVP_MAX_MD_SIZE], *sig, *ret;
u_int slen, dlen, len;
int ok, nid;
Buffer b;
error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid);
return -1;
}
- dlen = evp_md->md_size;
- digest = xmalloc(dlen);
EVP_DigestInit(&md, evp_md);
EVP_DigestUpdate(&md, data, datalen);
- EVP_DigestFinal(&md, digest, NULL);
+ EVP_DigestFinal(&md, digest, &dlen);
slen = RSA_size(key->rsa);
sig = xmalloc(slen);
ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa);
- memset(digest, 'd', dlen);
- xfree(digest);
+ memset(digest, 'd', sizeof(digest));
if (ok != 1) {
int ecode = ERR_get_error();
const EVP_MD *evp_md;
EVP_MD_CTX md;
char *ktype;
- u_char *sigblob, *digest;
+ u_char digest[EVP_MAX_MD_SIZE], *sigblob;
u_int len, dlen;
int rlen, ret, nid;
xfree(sigblob);
return -1;
}
- dlen = evp_md->md_size;
- digest = xmalloc(dlen);
EVP_DigestInit(&md, evp_md);
EVP_DigestUpdate(&md, data, datalen);
- EVP_DigestFinal(&md, digest, NULL);
+ EVP_DigestFinal(&md, digest, &dlen);
ret = RSA_verify(nid, digest, dlen, sigblob, len, key->rsa);
- memset(digest, 'd', dlen);
- xfree(digest);
+ memset(digest, 'd', sizeof(digest));
memset(sigblob, 's', len);
xfree(sigblob);
if (ret == 0) {