svnno****@sourc*****
svnno****@sourc*****
2017年 1月 7日 (土) 23:54:55 JST
Tera TermRevision: 6563
http://sourceforge.jp/projects/ttssh2/scm/svn/commits/6563
Author: yutakapon
Date: 2017-01-07 23:54:54 +0900 (Sat, 07 Jan 2017)
Log Message:
-----------
EVP_MD_CTX 構造体をポインタ化した。
Modified Paths:
--------------
branches/openssl_1_1_0/ttssh2/ttxssh/kex.c
branches/openssl_1_1_0/ttssh2/ttxssh/key.c
branches/openssl_1_1_0/ttssh2/ttxssh/keyfiles.c
-------------- next part --------------
Modified: branches/openssl_1_1_0/ttssh2/ttxssh/kex.c
===================================================================
--- branches/openssl_1_1_0/ttssh2/ttxssh/kex.c 2017-01-07 10:41:31 UTC (rev 6562)
+++ branches/openssl_1_1_0/ttssh2/ttxssh/kex.c 2017-01-07 14:54:54 UTC (rev 6563)
@@ -286,8 +286,12 @@
{
buffer_t *b;
static unsigned char digest[EVP_MAX_MD_SIZE];
- EVP_MD_CTX md;
+ EVP_MD_CTX *md = NULL;
+ md = EVP_MD_CTX_new();
+ if (md == NULL)
+ goto error;
+
b = buffer_init();
buffer_put_string(b, client_version_string, strlen(client_version_string));
buffer_put_string(b, server_version_string, strlen(server_version_string));
@@ -308,9 +312,9 @@
// yutaka
//debug_print(38, buffer_ptr(b), buffer_len(b));
- EVP_DigestInit(&md, evp_md);
- EVP_DigestUpdate(&md, buffer_ptr(b), buffer_len(b));
- EVP_DigestFinal(&md, digest, NULL);
+ EVP_DigestInit(md, evp_md);
+ EVP_DigestUpdate(md, buffer_ptr(b), buffer_len(b));
+ EVP_DigestFinal(md, digest, NULL);
buffer_free(b);
@@ -318,6 +322,10 @@
*hashlen = EVP_MD_size(evp_md);
+error:
+ if (md)
+ EVP_MD_CTX_free(md);
+
return digest;
}
@@ -341,8 +349,12 @@
{
buffer_t *b;
static unsigned char digest[EVP_MAX_MD_SIZE];
- EVP_MD_CTX md;
+ EVP_MD_CTX *md = NULL;
+ md = EVP_MD_CTX_new();
+ if (md == NULL)
+ goto error;
+
b = buffer_init();
buffer_put_string(b, client_version_string, strlen(client_version_string));
buffer_put_string(b, server_version_string, strlen(server_version_string));
@@ -373,9 +385,9 @@
// yutaka
//debug_print(38, buffer_ptr(b), buffer_len(b));
- EVP_DigestInit(&md, evp_md);
- EVP_DigestUpdate(&md, buffer_ptr(b), buffer_len(b));
- EVP_DigestFinal(&md, digest, NULL);
+ EVP_DigestInit(md, evp_md);
+ EVP_DigestUpdate(md, buffer_ptr(b), buffer_len(b));
+ EVP_DigestFinal(md, digest, NULL);
buffer_free(b);
@@ -383,6 +395,10 @@
*hashlen = EVP_MD_size(evp_md);
+error:
+ if (md)
+ EVP_MD_CTX_free(md);
+
return digest;
}
@@ -401,8 +417,12 @@
{
buffer_t *b;
static unsigned char digest[EVP_MAX_MD_SIZE];
- EVP_MD_CTX md;
+ EVP_MD_CTX *md = NULL;
+ md = EVP_MD_CTX_new();
+ if (md == NULL)
+ goto error;
+
b = buffer_init();
buffer_put_string(b, client_version_string, strlen(client_version_string));
buffer_put_string(b, server_version_string, strlen(server_version_string));
@@ -424,9 +444,9 @@
// yutaka
//debug_print(38, buffer_ptr(b), buffer_len(b));
- EVP_DigestInit(&md, evp_md);
- EVP_DigestUpdate(&md, buffer_ptr(b), buffer_len(b));
- EVP_DigestFinal(&md, digest, NULL);
+ EVP_DigestInit(md, evp_md);
+ EVP_DigestUpdate(md, buffer_ptr(b), buffer_len(b));
+ EVP_DigestFinal(md, digest, NULL);
buffer_free(b);
@@ -434,6 +454,10 @@
*hashlen = EVP_MD_size(evp_md);
+error:
+ if (md)
+ EVP_MD_CTX_free(md);
+
return digest;
}
@@ -544,12 +568,16 @@
const EVP_MD *evp_md)
{
buffer_t *b;
- EVP_MD_CTX md;
+ EVP_MD_CTX *md = NULL;
char c = id;
int have;
int mdsz = EVP_MD_size(evp_md);
u_char *digest = malloc(roundup(need, mdsz));
+ md = EVP_MD_CTX_new();
+ if (md == NULL)
+ goto skip;
+
if (digest == NULL)
goto skip;
@@ -560,12 +588,12 @@
buffer_put_bignum2(b, shared_secret);
/* K1 = HASH(K || H || "A" || session_id) */
- EVP_DigestInit(&md, evp_md);
- EVP_DigestUpdate(&md, buffer_ptr(b), buffer_len(b));
- EVP_DigestUpdate(&md, hash, mdsz);
- EVP_DigestUpdate(&md, &c, 1);
- EVP_DigestUpdate(&md, session_id, session_id_len);
- EVP_DigestFinal(&md, digest, NULL);
+ EVP_DigestInit(md, evp_md);
+ EVP_DigestUpdate(md, buffer_ptr(b), buffer_len(b));
+ EVP_DigestUpdate(md, hash, mdsz);
+ EVP_DigestUpdate(md, &c, 1);
+ EVP_DigestUpdate(md, session_id, session_id_len);
+ EVP_DigestFinal(md, digest, NULL);
/*
* expand key:
@@ -573,15 +601,18 @@
* Key = K1 || K2 || ... || Kn
*/
for (have = mdsz; need > have; have += mdsz) {
- EVP_DigestInit(&md, evp_md);
- EVP_DigestUpdate(&md, buffer_ptr(b), buffer_len(b));
- EVP_DigestUpdate(&md, hash, mdsz);
- EVP_DigestUpdate(&md, digest, have);
- EVP_DigestFinal(&md, digest + have, NULL);
+ EVP_DigestInit(md, evp_md);
+ EVP_DigestUpdate(md, buffer_ptr(b), buffer_len(b));
+ EVP_DigestUpdate(md, hash, mdsz);
+ EVP_DigestUpdate(md, digest, have);
+ EVP_DigestFinal(md, digest + have, NULL);
}
buffer_free(b);
skip:;
+ if (md)
+ EVP_MD_CTX_free(md);
+
return digest;
}
Modified: branches/openssl_1_1_0/ttssh2/ttxssh/key.c
===================================================================
--- branches/openssl_1_1_0/ttssh2/ttxssh/key.c 2017-01-07 10:41:31 UTC (rev 6562)
+++ branches/openssl_1_1_0/ttssh2/ttxssh/key.c 2017-01-07 14:54:54 UTC (rev 6563)
@@ -80,14 +80,18 @@
{
DSA_SIG *sig;
const EVP_MD *evp_md = EVP_sha1();
- EVP_MD_CTX md;
+ EVP_MD_CTX *md = NULL;
unsigned char digest[EVP_MAX_MD_SIZE], *sigblob;
unsigned int len, dlen;
- int ret;
+ int ret = -1;
char *ptr;
OpenSSL_add_all_digests();
+ md = EVP_MD_CTX_new();
+ if (md == NULL)
+ goto error;
+
if (key == NULL) {
return -2;
}
@@ -129,9 +133,9 @@
BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s);
/* sha1 the data */
- EVP_DigestInit(&md, evp_md);
- EVP_DigestUpdate(&md, data, datalen);
- EVP_DigestFinal(&md, digest, &dlen);
+ EVP_DigestInit(md, evp_md);
+ EVP_DigestUpdate(md, data, datalen);
+ EVP_DigestFinal(md, digest, &dlen);
ret = DSA_do_verify(digest, dlen, sig, key);
SecureZeroMemory(digest, sizeof(digest));
@@ -138,6 +142,10 @@
DSA_SIG_free(sig);
+error:
+ if (md)
+ EVP_MD_CTX_free(md);
+
return ret;
}
@@ -243,16 +251,20 @@
u_char *data, u_int datalen)
{
const EVP_MD *evp_md;
- EVP_MD_CTX md;
+ EVP_MD_CTX *md = NULL;
// char *ktype;
u_char digest[EVP_MAX_MD_SIZE], *sigblob;
u_int len, dlen, modlen;
// int rlen, ret, nid;
- int ret, nid;
+ int ret = -1, nid;
char *ptr;
OpenSSL_add_all_digests();
+ md = EVP_MD_CTX_new();
+ if (md == NULL)
+ goto error;
+
if (key == NULL) {
return -2;
}
@@ -302,9 +314,9 @@
//error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid);
return -6;
}
- EVP_DigestInit(&md, evp_md);
- EVP_DigestUpdate(&md, data, datalen);
- EVP_DigestFinal(&md, digest, &dlen);
+ EVP_DigestInit(md, evp_md);
+ EVP_DigestUpdate(md, data, datalen);
+ EVP_DigestFinal(md, digest, &dlen);
ret = openssh_RSA_verify(nid, digest, dlen, sigblob, len, key);
@@ -313,6 +325,10 @@
//free(sigblob);
//debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : "");
+error:
+ if (md)
+ EVP_MD_CTX_free(md);
+
return ret;
}
@@ -322,7 +338,7 @@
{
ECDSA_SIG *sig;
const EVP_MD *evp_md;
- EVP_MD_CTX md;
+ EVP_MD_CTX *md = NULL;
unsigned char digest[EVP_MAX_MD_SIZE], *sigblob;
unsigned int len, dlen;
int ret, nid = NID_undef;
@@ -330,6 +346,10 @@
OpenSSL_add_all_digests();
+ md = EVP_MD_CTX_new();
+ if (md == NULL)
+ goto error;
+
if (key == NULL) {
return -2;
}
@@ -367,9 +387,9 @@
if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
return -8;
}
- EVP_DigestInit(&md, evp_md);
- EVP_DigestUpdate(&md, data, datalen);
- EVP_DigestFinal(&md, digest, &dlen);
+ EVP_DigestInit(md, evp_md);
+ EVP_DigestUpdate(md, data, datalen);
+ EVP_DigestFinal(md, digest, &dlen);
ret = ECDSA_do_verify(digest, dlen, sig, key);
SecureZeroMemory(digest, sizeof(digest));
@@ -376,6 +396,10 @@
ECDSA_SIG_free(sig);
+error:
+ if (md)
+ EVP_MD_CTX_free(md);
+
return ret;
}
@@ -596,7 +620,7 @@
char* key_fingerprint_raw(Key *k, enum digest_algorithm dgst_alg, int *dgst_raw_length)
{
const EVP_MD *md = NULL;
- EVP_MD_CTX ctx;
+ EVP_MD_CTX *ctx = NULL;
char *blob = NULL;
char *retval = NULL;
int len = 0;
@@ -603,6 +627,10 @@
int nlen, elen;
RSA *rsa;
+ ctx = EVP_MD_CTX_new();
+ if (ctx == NULL)
+ goto error;
+
*dgst_raw_length = 0;
switch (dgst_alg) {
@@ -657,14 +685,19 @@
if (retval == NULL) {
// TODO:
}
- EVP_DigestInit(&ctx, md);
- EVP_DigestUpdate(&ctx, blob, len);
- EVP_DigestFinal(&ctx, retval, dgst_raw_length);
+ EVP_DigestInit(ctx, md);
+ EVP_DigestUpdate(ctx, blob, len);
+ EVP_DigestFinal(ctx, retval, dgst_raw_length);
SecureZeroMemory(blob, len);
free(blob);
} else {
//fatal("key_fingerprint_raw: blob is null");
}
+
+error:
+ if (ctx)
+ EVP_MD_CTX_free(ctx);
+
return retval;
}
@@ -1443,6 +1476,7 @@
buffer_t *msg = NULL;
char *s;
int ret;
+ EVP_MD_CTX *md = NULL;
msg = buffer_init();
if (msg == NULL) {
@@ -1450,19 +1484,22 @@
return FALSE;
}
+ md = EVP_MD_CTX_new();
+ if (md == NULL)
+ goto error;
+
switch (keypair->type) {
case KEY_RSA: // RSA
{
const EVP_MD *evp_md = EVP_sha1();
- EVP_MD_CTX md;
u_char digest[EVP_MAX_MD_SIZE], *sig;
u_int slen, dlen, len;
int ok, nid = NID_sha1;
// \x83_\x83C\x83W\x83F\x83X\x83g\x92l\x82̌v\x8EZ
- EVP_DigestInit(&md, evp_md);
- EVP_DigestUpdate(&md, data, datalen);
- EVP_DigestFinal(&md, digest, &dlen);
+ EVP_DigestInit(md, evp_md);
+ EVP_DigestUpdate(md, data, datalen);
+ EVP_DigestFinal(md, digest, &dlen);
slen = RSA_size(keypair->rsa);
sig = malloc(slen);
@@ -1512,14 +1549,13 @@
{
DSA_SIG *sig;
const EVP_MD *evp_md = EVP_sha1();
- EVP_MD_CTX md;
u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN];
u_int rlen, slen, len, dlen;
// \x83_\x83C\x83W\x83F\x83X\x83g\x82̌v\x8EZ
- EVP_DigestInit(&md, evp_md);
- EVP_DigestUpdate(&md, data, datalen);
- EVP_DigestFinal(&md, digest, &dlen);
+ EVP_DigestInit(md, evp_md);
+ EVP_DigestUpdate(md, data, datalen);
+ EVP_DigestFinal(md, digest, &dlen);
// DSA\x93d\x8Eq\x8F\x90\x96\xBC\x82\xF0\x8Cv\x8EZ
sig = DSA_do_sign(digest, dlen, keypair->dsa);
@@ -1562,7 +1598,6 @@
{
ECDSA_SIG *sig;
const EVP_MD *evp_md;
- EVP_MD_CTX md;
u_char digest[EVP_MAX_MD_SIZE];
u_int len, dlen, nid;
buffer_t *buf2 = NULL;
@@ -1571,9 +1606,9 @@
if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
goto error;
}
- EVP_DigestInit(&md, evp_md);
- EVP_DigestUpdate(&md, data, datalen);
- EVP_DigestFinal(&md, digest, &dlen);
+ EVP_DigestInit(md, evp_md);
+ EVP_DigestUpdate(md, data, datalen);
+ EVP_DigestFinal(md, digest, &dlen);
sig = ECDSA_do_sign(digest, dlen, keypair->ecdsa);
SecureZeroMemory(digest, sizeof(digest));
@@ -1619,10 +1654,15 @@
break;
}
+ EVP_MD_CTX_free(md);
+
buffer_free(msg);
return TRUE;
error:
+ if (md)
+ EVP_MD_CTX_free(md);
+
buffer_free(msg);
return FALSE;
Modified: branches/openssl_1_1_0/ttssh2/ttxssh/keyfiles.c
===================================================================
--- branches/openssl_1_1_0/ttssh2/ttxssh/keyfiles.c 2017-01-07 10:41:31 UTC (rev 6562)
+++ branches/openssl_1_1_0/ttssh2/ttxssh/keyfiles.c 2017-01-07 14:54:54 UTC (rev 6563)
@@ -877,22 +877,26 @@
// decrypt prikey with aes256-cbc
if (strcmp(encname, "aes256-cbc") == 0) {
const EVP_MD *md = EVP_sha1();
- EVP_MD_CTX ctx;
+ EVP_MD_CTX *ctx = NULL;
unsigned char key[40], iv[32];
EVP_CIPHER_CTX *cipher_ctx = NULL;
char *decrypted = NULL;
+ ctx = EVP_MD_CTX_new();
+ if (ctx == NULL)
+ goto error;
+
cipher_ctx = EVP_CIPHER_CTX_new();
- EVP_DigestInit(&ctx, md);
- EVP_DigestUpdate(&ctx, "\0\0\0\0", 4);
- EVP_DigestUpdate(&ctx, passphrase, strlen(passphrase));
- EVP_DigestFinal(&ctx, key, &len);
+ EVP_DigestInit(ctx, md);
+ EVP_DigestUpdate(ctx, "\0\0\0\0", 4);
+ EVP_DigestUpdate(ctx, passphrase, strlen(passphrase));
+ EVP_DigestFinal(ctx, key, &len);
- EVP_DigestInit(&ctx, md);
- EVP_DigestUpdate(&ctx, "\0\0\0\1", 4);
- EVP_DigestUpdate(&ctx, passphrase, strlen(passphrase));
- EVP_DigestFinal(&ctx, key + 20, &len);
+ EVP_DigestInit(ctx, md);
+ EVP_DigestUpdate(ctx, "\0\0\0\1", 4);
+ EVP_DigestUpdate(ctx, passphrase, strlen(passphrase));
+ EVP_DigestFinal(ctx, key + 20, &len);
memset(iv, 0, sizeof(iv));
@@ -905,6 +909,7 @@
free(decrypted);
cipher_cleanup_SSH2(cipher_ctx);
EVP_CIPHER_CTX_free(cipher_ctx);
+ EVP_MD_CTX_free(ctx);
goto error;
}
buffer_clear(prikey);
@@ -912,6 +917,7 @@
free(decrypted);
cipher_cleanup_SSH2(cipher_ctx);
EVP_CIPHER_CTX_free(cipher_ctx);
+ EVP_MD_CTX_free(ctx);
}
// verity MAC
@@ -940,44 +946,57 @@
unsigned char mackey[20];
char header[] = "putty-private-key-file-mac-key";
const EVP_MD *md = EVP_sha1();
- EVP_MD_CTX ctx;
+ EVP_MD_CTX *ctx = NULL;
- EVP_DigestInit(&ctx, md);
- EVP_DigestUpdate(&ctx, header, sizeof(header)-1);
+ ctx = EVP_MD_CTX_new();
+ if (ctx == NULL)
+ goto error;
+
+ EVP_DigestInit(ctx, md);
+ EVP_DigestUpdate(ctx, header, sizeof(header)-1);
len = strlen(passphrase);
if (strcmp(encname, "aes256-cbc") == 0 && len > 0) {
- EVP_DigestUpdate(&ctx, passphrase, len);
+ EVP_DigestUpdate(ctx, passphrase, len);
}
- EVP_DigestFinal(&ctx, mackey, &len);
+ EVP_DigestFinal(ctx, mackey, &len);
+ EVP_MD_CTX_free(ctx);
//hmac_sha1_simple(mackey, sizeof(mackey), macdata->buf, macdata->len, binary);
{
- EVP_MD_CTX ctx[2];
+ EVP_MD_CTX *ctx[2] = { 0 };
unsigned char intermediate[20];
unsigned char foo[64];
int i;
+ ctx[0] = EVP_MD_CTX_new();
+ ctx[1] = EVP_MD_CTX_new();
+ if (ctx[0] == NULL || ctx[1] == NULL)
+ goto error;
+
memset(foo, 0x36, sizeof(foo));
for (i = 0; i < sizeof(mackey) && i < sizeof(foo); i++) {
foo[i] ^= mackey[i];
}
- EVP_DigestInit(&ctx[0], md);
- EVP_DigestUpdate(&ctx[0], foo, sizeof(foo));
+ EVP_DigestInit(ctx[0], md);
+ EVP_DigestUpdate(ctx[0], foo, sizeof(foo));
memset(foo, 0x5C, sizeof(foo));
for (i = 0; i < sizeof(mackey) && i < sizeof(foo); i++) {
foo[i] ^= mackey[i];
}
- EVP_DigestInit(&ctx[1], md);
- EVP_DigestUpdate(&ctx[1], foo, sizeof(foo));
+ EVP_DigestInit(ctx[1], md);
+ EVP_DigestUpdate(ctx[1], foo, sizeof(foo));
memset(foo, 0, sizeof(foo));
- EVP_DigestUpdate(&ctx[0], macdata->buf, macdata->len);
- EVP_DigestFinal(&ctx[0], intermediate, &len);
+ EVP_DigestUpdate(ctx[0], macdata->buf, macdata->len);
+ EVP_DigestFinal(ctx[0], intermediate, &len);
- EVP_DigestUpdate(&ctx[1], intermediate, sizeof(intermediate));
- EVP_DigestFinal(&ctx[1], binary, &len);
+ EVP_DigestUpdate(ctx[1], intermediate, sizeof(intermediate));
+ EVP_DigestFinal(ctx[1], binary, &len);
+
+ EVP_MD_CTX_free(ctx[0]);
+ EVP_MD_CTX_free(ctx[1]);
}
memset(mackey, 0, sizeof(mackey));