- markus@cvs.openbsd.org 2002/01/25 21:42:11

[ssh-dss.c ssh-rsa.c] use static EVP_MAX_MD_SIZE buffers for EVP_DigestFinal; ok stevesk@ don't use evp_md->md_size, it's not public.
author: Damien Miller <djm@mindrot.org> 2002-02-05 11:53:43 +1100
committer: Damien Miller <djm@mindrot.org> 2002-02-05 11:53:43 +1100
commit: c516e928cdaf2ea3dd666a79d4c89a942b242d68 (patch)
tree: b34d1e8c6610fc9768f546a1557df1efe3a14a68
parent: 3a8262ffcc04afca626d457da65fc1076681073c (diff)
3 files changed, 19 insertions, 27 deletions
diff --git a/ChangeLog b/ChangeLog
index abcb900c..9a79ab80 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,10 @@
    - markus@cvs.openbsd.org 2002/01/25 21:00:24
      [sshconnect2.c]
      unused include
+   - markus@cvs.openbsd.org 2002/01/25 21:42:11
+     [ssh-dss.c ssh-rsa.c]
+     use static EVP_MAX_MD_SIZE buffers for EVP_DigestFinal; ok stevesk@
+     don't use evp_md->md_size, it's not public.
 
 20020130
  - (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@
@@ -7412,4 +7416,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1801 2002/02/05 00:53:15 djm Exp $
+$Id: ChangeLog,v 1.1802 2002/02/05 00:53:43 djm Exp $
diff --git a/ssh-dss.c b/ssh-dss.c
index bd709a22..b81b8347 100644
--- a/ssh-dss.c
+++ b/ssh-dss.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-dss.c,v 1.11 2001/12/27 18:22:16 markus Exp $");
+RCSID("$OpenBSD: ssh-dss.c,v 1.12 2002/01/25 21:42:11 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/evp.h>
@@ -48,7 +48,7 @@ ssh_dss_sign(
 	DSA_SIG *sig;
 	EVP_MD *evp_md = EVP_sha1();
 	EVP_MD_CTX md;
-	u_char *digest, *ret, sigblob[SIGBLOB_LEN];
+	u_char *ret, digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN];
 	u_int rlen, slen, len, dlen;
 	Buffer b;
 
@@ -56,16 +56,13 @@ ssh_dss_sign(
 		error("ssh_dss_sign: no DSA key");
 		return -1;
 	}
-	dlen = evp_md->md_size;
-	digest = xmalloc(dlen);
 	EVP_DigestInit(&md, evp_md);
 	EVP_DigestUpdate(&md, data, datalen);
-	EVP_DigestFinal(&md, digest, NULL);
+	EVP_DigestFinal(&md, digest, &dlen);
 
 	sig = DSA_do_sign(digest, dlen, key->dsa);
+	memset(digest, 'd', sizeof(digest));
 
-	memset(digest, 0, dlen);
-	xfree(digest);
 	if (sig == NULL) {
 		error("ssh_dss_sign: sign failed");
 		return -1;
@@ -115,7 +112,7 @@ ssh_dss_verify(
 	DSA_SIG *sig;
 	EVP_MD *evp_md = EVP_sha1();
 	EVP_MD_CTX md;
-	u_char *digest, *sigblob;
+	u_char digest[EVP_MAX_MD_SIZE], *sigblob;
 	u_int len, dlen;
 	int rlen, ret;
 	Buffer b;
@@ -173,16 +170,13 @@ ssh_dss_verify(
 	}
 
 	/* sha1 the data */
-	dlen = evp_md->md_size;
-	digest = xmalloc(dlen);
 	EVP_DigestInit(&md, evp_md);
 	EVP_DigestUpdate(&md, data, datalen);
-	EVP_DigestFinal(&md, digest, NULL);
+	EVP_DigestFinal(&md, digest, &dlen);
 
 	ret = DSA_do_verify(digest, dlen, sig, key->dsa);
+	memset(digest, 'd', sizeof(digest));
 
-	memset(digest, 0, dlen);
-	xfree(digest);
 	DSA_SIG_free(sig);
 
 	debug("ssh_dss_verify: signature %s",
diff --git a/ssh-rsa.c b/ssh-rsa.c
index 27522ef6..c4339b95 100644
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-rsa.c,v 1.14 2001/12/05 10:06:12 deraadt Exp $");
+RCSID("$OpenBSD: ssh-rsa.c,v 1.15 2002/01/25 21:42:11 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -45,7 +45,7 @@ ssh_rsa_sign(
 {
 	const EVP_MD *evp_md;
 	EVP_MD_CTX md;
-	u_char *digest, *sig, *ret;
+	u_char digest[EVP_MAX_MD_SIZE], *sig, *ret;
 	u_int slen, dlen, len;
 	int ok, nid;
 	Buffer b;
@@ -63,18 +63,15 @@ ssh_rsa_sign(
 		error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid);
 		return -1;
 	}
-	dlen = evp_md->md_size;
-	digest = xmalloc(dlen);
 	EVP_DigestInit(&md, evp_md);
 	EVP_DigestUpdate(&md, data, datalen);
-	EVP_DigestFinal(&md, digest, NULL);
+	EVP_DigestFinal(&md, digest, &dlen);
 
 	slen = RSA_size(key->rsa);
 	sig = xmalloc(slen);
 
 	ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa);
-	memset(digest, 'd', dlen);
-	xfree(digest);
+	memset(digest, 'd', sizeof(digest));
 
 	if (ok != 1) {
 		int ecode = ERR_get_error();
@@ -120,7 +117,7 @@ ssh_rsa_verify(
 	const EVP_MD *evp_md;
 	EVP_MD_CTX md;
 	char *ktype;
-	u_char *sigblob, *digest;
+	u_char digest[EVP_MAX_MD_SIZE], *sigblob;
 	u_int len, dlen;
 	int rlen, ret, nid;
 
@@ -161,15 +158,12 @@ ssh_rsa_verify(
 		xfree(sigblob);
 		return -1;
 	}
-	dlen = evp_md->md_size;
-	digest = xmalloc(dlen);
 	EVP_DigestInit(&md, evp_md);
 	EVP_DigestUpdate(&md, data, datalen);
-	EVP_DigestFinal(&md, digest, NULL);
+	EVP_DigestFinal(&md, digest, &dlen);
 
 	ret = RSA_verify(nid, digest, dlen, sigblob, len, key->rsa);
-	memset(digest, 'd', dlen);
-	xfree(digest);
+	memset(digest, 'd', sizeof(digest));
 	memset(sigblob, 's', len);
 	xfree(sigblob);
 	if (ret == 0) {
author	Damien Miller <djm@mindrot.org>	2002-02-05 11:53:43 +1100
committer	Damien Miller <djm@mindrot.org>	2002-02-05 11:53:43 +1100
commit	c516e928cdaf2ea3dd666a79d4c89a942b242d68 (patch)
tree	b34d1e8c6610fc9768f546a1557df1efe3a14a68
parent	3a8262ffcc04afca626d457da65fc1076681073c (diff)