From a7f0c4a9b39e9e5be67e849363f11a02702646a2 Mon Sep 17 00:00:00 2001 From: djm Date: Wed, 2 Jul 2014 05:28:02 +0000 Subject: - djm@cvs.openbsd.org 2014/06/24 01:13:21 [Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c [sshconnect2.c sshd.c sshkey.c sshkey.h [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h] New key API: refactor key-related functions to be more library-like, existing API is offered as a set of wrappers. with and ok markus@ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago. NB. This commit also removes portable OpenSSH support for OpenSSL <0.9.8e. --- digest-openssl.c | 36 ++++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 16 deletions(-) (limited to 'digest-openssl.c') diff --git a/digest-openssl.c b/digest-openssl.c index 863d37d0..de038013 100644 --- a/digest-openssl.c +++ b/digest-openssl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: digest-openssl.c,v 1.2 2014/02/02 03:44:31 djm Exp $ */ +/* $OpenBSD: digest-openssl.c,v 1.3 2014/06/24 01:13:21 djm Exp $ */ /* * Copyright (c) 2013 Damien Miller * @@ -26,8 +26,9 @@ #include "openbsd-compat/openssl-compat.h" -#include "buffer.h" +#include "sshbuf.h" #include "digest.h" +#include "ssherr.h" struct ssh_digest_ctx { int alg; @@ -98,9 +99,11 @@ ssh_digest_start(int alg) int ssh_digest_copy_state(struct ssh_digest_ctx *from, struct ssh_digest_ctx *to) { + if (from->alg != to->alg) + return SSH_ERR_INVALID_ARGUMENT; /* we have bcopy-style order while openssl has memcpy-style */ if (!EVP_MD_CTX_copy_ex(&to->mdctx, &from->mdctx)) - return -1; + return SSH_ERR_LIBCRYPTO_ERROR; return 0; } @@ -108,14 +111,14 @@ int ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen) { if (EVP_DigestUpdate(&ctx->mdctx, m, mlen) != 1) - return -1; + return SSH_ERR_LIBCRYPTO_ERROR; return 0; } int -ssh_digest_update_buffer(struct ssh_digest_ctx *ctx, const Buffer *b) +ssh_digest_update_buffer(struct ssh_digest_ctx *ctx, const struct sshbuf *b) { - return ssh_digest_update(ctx, buffer_ptr(b), buffer_len(b)); + return ssh_digest_update(ctx, sshbuf_ptr(b), sshbuf_len(b)); } int @@ -125,13 +128,13 @@ ssh_digest_final(struct ssh_digest_ctx *ctx, u_char *d, size_t dlen) u_int l = dlen; if (dlen > UINT_MAX) - return -1; + return SSH_ERR_INVALID_ARGUMENT; if (dlen < digest->digest_len) /* No truncation allowed */ - return -1; + return SSH_ERR_INVALID_ARGUMENT; if (EVP_DigestFinal_ex(&ctx->mdctx, d, &l) != 1) - return -1; + return SSH_ERR_LIBCRYPTO_ERROR; if (l != digest->digest_len) /* sanity */ - return -1; + return SSH_ERR_INTERNAL_ERROR; return 0; } @@ -149,18 +152,19 @@ int ssh_digest_memory(int alg, const void *m, size_t mlen, u_char *d, size_t dlen) { struct ssh_digest_ctx *ctx = ssh_digest_start(alg); + int r; if (ctx == NULL) - return -1; - if (ssh_digest_update(ctx, m, mlen) != 0 || - ssh_digest_final(ctx, d, dlen) != 0) - return -1; + return SSH_ERR_INVALID_ARGUMENT; + if ((r = ssh_digest_update(ctx, m, mlen) != 0) || + (r = ssh_digest_final(ctx, d, dlen) != 0)) + return r; ssh_digest_free(ctx); return 0; } int -ssh_digest_buffer(int alg, const Buffer *b, u_char *d, size_t dlen) +ssh_digest_buffer(int alg, const struct sshbuf *b, u_char *d, size_t dlen) { - return ssh_digest_memory(alg, buffer_ptr(b), buffer_len(b), d, dlen); + return ssh_digest_memory(alg, sshbuf_ptr(b), sshbuf_len(b), d, dlen); } -- cgit v1.2.1