diff options
| author |   djm <djm@openbsd.org> | 2014-01-09 23:20:00 +0000 |
|---|---|---|
| committer | djm <djm@openbsd.org> | 2014-01-09 23:20:00 +0000 |
| commit | 8df5df93ec0c8b5c8a3f94bd81f484198667d804 (patch) | |
| tree | e4d51ed2df90ab75b055f10d86e1a3e089fc1718 /usr.bin/ssh/ssh-dss.c | |
| parent | Remove useless variable "height" in function traverse(). It is (diff) | |
| download | wireguard-openbsd-8df5df93ec0c8b5c8a3f94bd81f484198667d804.tar.xz wireguard-openbsd-8df5df93ec0c8b5c8a3f94bd81f484198667d804.zip | |
Introduce digest API and use it to perform all hashing operations
rather than calling OpenSSL EVP_Digest* directly. Will make it easier
to build a reduced-feature OpenSSH without OpenSSL in future;
feedback, ok markus@
Diffstat (limited to 'usr.bin/ssh/ssh-dss.c')
| -rw-r--r-- | usr.bin/ssh/ssh-dss.c | 31 |
1 files changed, 16 insertions, 15 deletions
diff --git a/usr.bin/ssh/ssh-dss.c b/usr.bin/ssh/ssh-dss.c index 9b28af7f9e4..cd206fd44c3 100644 --- a/usr.bin/ssh/ssh-dss.c +++ b/usr.bin/ssh/ssh-dss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-dss.c,v 1.29 2013/12/27 22:30:17 djm Exp $ */ +/* $OpenBSD: ssh-dss.c,v 1.30 2014/01/09 23:20:00 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -35,6 +35,7 @@ #include "compat.h" #include "log.h" #include "key.h" +#include "digest.h" #define INTBLOB_LEN 20 #define SIGBLOB_LEN (2*INTBLOB_LEN) @@ -44,10 +45,8 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, const u_char *data, u_int datalen) { DSA_SIG *sig; - const EVP_MD *evp_md = EVP_sha1(); - EVP_MD_CTX md; - u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN]; - u_int rlen, slen, len, dlen; + u_char digest[SSH_DIGEST_MAX_LENGTH], sigblob[SIGBLOB_LEN]; + u_int rlen, slen, len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1); Buffer b; if (key == NULL || key_type_plain(key->type) != KEY_DSA || @@ -56,9 +55,11 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, return -1; } - EVP_DigestInit(&md, evp_md); - EVP_DigestUpdate(&md, data, datalen); - EVP_DigestFinal(&md, digest, &dlen); + if (ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen, + digest, sizeof(digest)) != 0) { + error("%s: ssh_digest_memory failed", __func__); + return -1; + } sig = DSA_do_sign(digest, dlen, key->dsa); memset(digest, 'd', sizeof(digest)); @@ -108,10 +109,8 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, const u_char *data, u_int datalen) { DSA_SIG *sig; - const EVP_MD *evp_md = EVP_sha1(); - EVP_MD_CTX md; - u_char digest[EVP_MAX_MD_SIZE], *sigblob; - u_int len, dlen; + u_char digest[SSH_DIGEST_MAX_LENGTH], *sigblob; + u_int len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1); int rlen, ret; Buffer b; @@ -170,9 +169,11 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, free(sigblob); /* sha1 the data */ - EVP_DigestInit(&md, evp_md); - EVP_DigestUpdate(&md, data, datalen); - EVP_DigestFinal(&md, digest, &dlen); + if (ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen, + digest, sizeof(digest)) != 0) { + error("%s: digest_memory failed", __func__); + return -1; + } ret = DSA_do_verify(digest, dlen, sig, key->dsa); memset(digest, 'd', sizeof(digest)); |