diff options
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/ssh/ssh-dss.c | 20 | ||||
-rw-r--r-- | usr.bin/ssh/ssh-rsa.c | 20 |
2 files changed, 14 insertions, 26 deletions
diff --git a/usr.bin/ssh/ssh-dss.c b/usr.bin/ssh/ssh-dss.c index bd709a22660..b81b8347d27 100644 --- a/usr.bin/ssh/ssh-dss.c +++ b/usr.bin/ssh/ssh-dss.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-dss.c,v 1.11 2001/12/27 18:22:16 markus Exp $"); +RCSID("$OpenBSD: ssh-dss.c,v 1.12 2002/01/25 21:42:11 markus Exp $"); #include <openssl/bn.h> #include <openssl/evp.h> @@ -48,7 +48,7 @@ ssh_dss_sign( DSA_SIG *sig; EVP_MD *evp_md = EVP_sha1(); EVP_MD_CTX md; - u_char *digest, *ret, sigblob[SIGBLOB_LEN]; + u_char *ret, digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN]; u_int rlen, slen, len, dlen; Buffer b; @@ -56,16 +56,13 @@ ssh_dss_sign( error("ssh_dss_sign: no DSA key"); return -1; } - dlen = evp_md->md_size; - digest = xmalloc(dlen); EVP_DigestInit(&md, evp_md); EVP_DigestUpdate(&md, data, datalen); - EVP_DigestFinal(&md, digest, NULL); + EVP_DigestFinal(&md, digest, &dlen); sig = DSA_do_sign(digest, dlen, key->dsa); + memset(digest, 'd', sizeof(digest)); - memset(digest, 0, dlen); - xfree(digest); if (sig == NULL) { error("ssh_dss_sign: sign failed"); return -1; @@ -115,7 +112,7 @@ ssh_dss_verify( DSA_SIG *sig; EVP_MD *evp_md = EVP_sha1(); EVP_MD_CTX md; - u_char *digest, *sigblob; + u_char digest[EVP_MAX_MD_SIZE], *sigblob; u_int len, dlen; int rlen, ret; Buffer b; @@ -173,16 +170,13 @@ ssh_dss_verify( } /* sha1 the data */ - dlen = evp_md->md_size; - digest = xmalloc(dlen); EVP_DigestInit(&md, evp_md); EVP_DigestUpdate(&md, data, datalen); - EVP_DigestFinal(&md, digest, NULL); + EVP_DigestFinal(&md, digest, &dlen); ret = DSA_do_verify(digest, dlen, sig, key->dsa); + memset(digest, 'd', sizeof(digest)); - memset(digest, 0, dlen); - xfree(digest); DSA_SIG_free(sig); debug("ssh_dss_verify: signature %s", diff --git a/usr.bin/ssh/ssh-rsa.c b/usr.bin/ssh/ssh-rsa.c index 27522ef687d..c4339b95bd1 100644 --- a/usr.bin/ssh/ssh-rsa.c +++ b/usr.bin/ssh/ssh-rsa.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-rsa.c,v 1.14 2001/12/05 10:06:12 deraadt Exp $"); +RCSID("$OpenBSD: ssh-rsa.c,v 1.15 2002/01/25 21:42:11 markus Exp $"); #include <openssl/evp.h> #include <openssl/err.h> @@ -45,7 +45,7 @@ ssh_rsa_sign( { const EVP_MD *evp_md; EVP_MD_CTX md; - u_char *digest, *sig, *ret; + u_char digest[EVP_MAX_MD_SIZE], *sig, *ret; u_int slen, dlen, len; int ok, nid; Buffer b; @@ -63,18 +63,15 @@ ssh_rsa_sign( error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid); return -1; } - dlen = evp_md->md_size; - digest = xmalloc(dlen); EVP_DigestInit(&md, evp_md); EVP_DigestUpdate(&md, data, datalen); - EVP_DigestFinal(&md, digest, NULL); + EVP_DigestFinal(&md, digest, &dlen); slen = RSA_size(key->rsa); sig = xmalloc(slen); ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa); - memset(digest, 'd', dlen); - xfree(digest); + memset(digest, 'd', sizeof(digest)); if (ok != 1) { int ecode = ERR_get_error(); @@ -120,7 +117,7 @@ ssh_rsa_verify( const EVP_MD *evp_md; EVP_MD_CTX md; char *ktype; - u_char *sigblob, *digest; + u_char digest[EVP_MAX_MD_SIZE], *sigblob; u_int len, dlen; int rlen, ret, nid; @@ -161,15 +158,12 @@ ssh_rsa_verify( xfree(sigblob); return -1; } - dlen = evp_md->md_size; - digest = xmalloc(dlen); EVP_DigestInit(&md, evp_md); EVP_DigestUpdate(&md, data, datalen); - EVP_DigestFinal(&md, digest, NULL); + EVP_DigestFinal(&md, digest, &dlen); ret = RSA_verify(nid, digest, dlen, sigblob, len, key->rsa); - memset(digest, 'd', dlen); - xfree(digest); + memset(digest, 'd', sizeof(digest)); memset(sigblob, 's', len); xfree(sigblob); if (ret == 0) { |