From e9536edede0b0b24c68245824ae3b4df61c01c04 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Fri, 12 Jun 2015 10:53:18 +0200
Subject: [PATCH] openssl: make libssh2_sha1 return error code
- use the internal prefix _libssh2_ for non-exported functions
- removed libssh2_md5() since it wasn't used
Reported-by: Kamil Dudka
---
 src/openssl.c | 30 +++++++++++------------------
 src/openssl.h | 11 +++++++----
 2 files changed, 18 insertions(+), 23 deletions(-)
diff --git a/src/openssl.c b/src/openssl.c
index fd9e7d6a..c1555dbc 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -105,7 +105,8 @@ _libssh2_rsa_sha1_verify(libssh2_rsa_ctx * rsactx,
 unsigned char hash[SHA_DIGEST_LENGTH];
 int ret;
- libssh2_sha1(m, m_len, hash);
+ if (_libssh2_sha1(m, m_len, hash))
+ return -1; /* failure */
 ret = RSA_verify(NID_sha1, hash, SHA_DIGEST_LENGTH, (unsigned char *) sig, sig_len, rsactx);
 return (ret == 1) ? 0 : -1;
@@ -160,7 +161,9 @@ _libssh2_dsa_sha1_verify(libssh2_dsa_ctx * dsactx,
 dsasig.s = BN_new();
 BN_bin2bn(sig + 20, 20, dsasig.s);
- libssh2_sha1(m, m_len, hash);
+ if (_libssh2_sha1(m, m_len, hash))
+ return -1;
+
 ret = DSA_do_verify(hash, SHA_DIGEST_LENGTH, &dsasig, dsactx);
 BN_clear_free(dsasig.s);
 BN_clear_free(dsasig.r);
@@ -564,14 +567,14 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
 #endif /* LIBSSH_DSA */
 int
-libssh2_sha1_init(libssh2_sha1_ctx *ctx)
+_libssh2_sha1_init(libssh2_sha1_ctx *ctx)
 {
 EVP_MD_CTX_init(ctx);
 return EVP_DigestInit(ctx, EVP_get_digestbyname("sha1"));
 }
-void
-libssh2_sha1(const unsigned char *message, unsigned long len,
+int
+_libssh2_sha1(const unsigned char *message, unsigned long len,
 unsigned char *out)
 {
 EVP_MD_CTX ctx;
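Review bot: In the `_libssh2_dsa_sha1_verify` hunk the new `return -1;` exits before the `BN_clear_free(dsasig.s)` and `BN_clear_free(dsasig.r)` calls that follow, so the BIGNUM from `dsasig.s = BN_new()` leaks whenever hashing fails. `dsasig.r` presumably leaks too, but its allocation is above the hunk. Release both before returning, e.g. `if (_libssh2_sha1(m, m_len, hash)) { BN_clear_free(dsasig.s); BN_clear_free(dsasig.r); return -1; }`, or skip only the `DSA_do_verify` call and fall through to the existing cleanup. The early return in the `_libssh2_rsa_sha1_verify` hunk has no allocation visible before it. Both functions start and end outside their hunks.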
@@ -580,29 +583,18 @@ libssh2_sha1(const unsigned char *message, unsigned long len,
 if (EVP_DigestInit(&ctx, EVP_get_digestbyname("sha1"))) {
 EVP_DigestUpdate(&ctx, message, len);
 EVP_DigestFinal(&ctx, out, NULL);
+ return 0; /* success */
 }
+ return 1; /* error */
 }
 int
-libssh2_md5_init(libssh2_md5_ctx *ctx)
+_libssh2_md5_init(libssh2_md5_ctx *ctx)
 {
 EVP_MD_CTX_init(ctx);
 return EVP_DigestInit(ctx, EVP_get_digestbyname("md5"));
 }
-void
-libssh2_md5(const unsigned char *message, unsigned long len,
- unsigned char *out)
-{
- EVP_MD_CTX ctx;
-
- EVP_MD_CTX_init(&ctx);
- if (EVP_DigestInit(&ctx, EVP_get_digestbyname("md5"))) {
- EVP_DigestUpdate(&ctx, message, len);
- EVP_DigestFinal(&ctx, out, NULL);
- }
-}
-
 static unsigned char *
 write_bn(unsigned char *buf, const BIGNUM *bn, int bn_bytes)
 {
diff --git a/src/openssl.h b/src/openssl.h
index 9d0e1e84..00afd1d2 100644
--- a/src/openssl.h
+++ b/src/openssl.h
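Review bot: `_libssh2_sha1` returns success as soon as `EVP_DigestInit` succeeds, while the results of `EVP_DigestUpdate` and `EVP_DigestFinal` are still discarded. A failure in either returns 0 with `out` possibly unwritten, and the RSA/DSA verify callers would then check a signature against an uninitialised hash buffer. Chain the three calls so any failure reaches the error return: `if (EVP_DigestInit(&ctx, EVP_get_digestbyname("sha1")) && EVP_DigestUpdate(&ctx, message, len) && EVP_DigestFinal(&ctx, out, NULL)) return 0;`. It is also worth confirming whether the context needs `EVP_MD_CTX_cleanup(&ctx)` on the error path. The signature and the start of the body are in the previous hunk.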
@@ -109,18 +109,21 @@
 #define libssh2_sha1_ctx EVP_MD_CTX
 /* returns 0 in case of failure */
-int libssh2_sha1_init(libssh2_sha1_ctx *ctx);
+int _libssh2_sha1_init(libssh2_sha1_ctx *ctx);
+#define libssh2_sha1_init(x) _libssh2_sha1_init(x)
 #define libssh2_sha1_update(ctx, data, len) EVP_DigestUpdate(&(ctx), data, len)
 #define libssh2_sha1_final(ctx, out) EVP_DigestFinal(&(ctx), out, NULL)
-void libssh2_sha1(const unsigned char *message, unsigned long len, unsigned char *out);
+int _libssh2_sha1(const unsigned char *message, unsigned long len,
+ unsigned char *out);
+#define libssh2_sha1(x,y,z) _libssh2_sha1(x,y,z)
 #define libssh2_md5_ctx EVP_MD_CTX
 /* returns 0 in case of failure */
-int libssh2_md5_init(libssh2_md5_ctx *);
+int _libssh2_md5_init(libssh2_md5_ctx *);
+#define libssh2_md5_init(x) _libssh2_md5_init(x)
 #define libssh2_md5_update(ctx, data, len) EVP_DigestUpdate(&(ctx), data, len)
 #define libssh2_md5_final(ctx, out) EVP_DigestFinal(&(ctx), out, NULL)
-void libssh2_md5(const unsigned char *message, unsigned long len, unsigned char *out);
 #define libssh2_hmac_ctx HMAC_CTX
 #define libssh2_hmac_ctx_init(ctx) \
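Review bot: The new `_libssh2_sha1` prototype has no comment of its own and sits a few lines below `/* returns 0 in case of failure */`, yet the implementation in src/openssl.c returns 0 on success and 1 on error. That is the opposite of the `_libssh2_sha1_init` convention documented just above, so a caller using the `libssh2_sha1(x,y,z)` macro can easily test the result the wrong way round and accept a failed hash. State the convention at the declaration, e.g. `/* returns 0 on success, non-zero on failure (unlike _libssh2_sha1_init) */`. Any other crypto backend header that defines `libssh2_sha1` would need the same return contract; none is visible in this patch.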