Revision: 7791 https://osdn.net/projects/ttssh2/scm/svn/commits/7791 Author: yutakapon Date: 2019-06-22 20:13:50 +0900 (Sat, 22 Jun 2019) Log Message: ----------- EVP_MD_CTX 構造体の使用をポインタ化した。 チケット #36876 Ticket Links: ------------ https://osdn.net/projects/ttssh2/tracker/detail/36876 Modified Paths: -------------- branches/openssl_1_1_1_v2/ttssh2/ttxssh/kex.c branches/openssl_1_1_1_v2/ttssh2/ttxssh/key.c branches/openssl_1_1_1_v2/ttssh2/ttxssh/keyfiles.c -------------- next part -------------- Modified: branches/openssl_1_1_1_v2/ttssh2/ttxssh/kex.c =================================================================== --- branches/openssl_1_1_1_v2/ttssh2/ttxssh/kex.c 2019-06-22 09:40:40 UTC (rev 7790) +++ branches/openssl_1_1_1_v2/ttssh2/ttxssh/kex.c 2019-06-22 11:13:50 UTC (rev 7791) @@ -286,8 +286,13 @@ { buffer_t *b; static unsigned char digest[EVP_MAX_MD_SIZE]; - EVP_MD_CTX md; + EVP_MD_CTX *md = NULL; + /********* OPENSSL1.1.1 NOTEST *********/ + md = EVP_MD_CTX_new(); + if (md == NULL) + goto error; + b = buffer_init(); buffer_put_string(b, client_version_string, strlen(client_version_string)); buffer_put_string(b, server_version_string, strlen(server_version_string)); @@ -308,9 +313,9 @@ // yutaka //debug_print(38, buffer_ptr(b), buffer_len(b)); - EVP_DigestInit(&md, evp_md); - EVP_DigestUpdate(&md, buffer_ptr(b), buffer_len(b)); - EVP_DigestFinal(&md, digest, NULL); + EVP_DigestInit(md, evp_md); + EVP_DigestUpdate(md, buffer_ptr(b), buffer_len(b)); + EVP_DigestFinal(md, digest, NULL); buffer_free(b); @@ -318,6 +323,10 @@ *hashlen = EVP_MD_size(evp_md); +error: + if (md) + EVP_MD_CTX_free(md); + return digest; } 
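Review bot: When `EVP_MD_CTX_new()` fails, the new `goto error` at -286 skips both the digest computation and `*hashlen = EVP_MD_size(evp_md);` at -318 but still reaches `return digest;`. The caller therefore receives the static buffer with whatever it held from an earlier call, and no length is written. This value is presumably the key-exchange hash, so the failure must be distinguishable, for example `if (md == NULL) { *hashlen = 0; return NULL; }`, provided the callers (not shown) check for NULL. The same pattern is repeated in the two functions patched at -341 and -401.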
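Review bot: The calls `EVP_DigestInit(md, evp_md)`, `EVP_DigestUpdate(md, ...)` and `EVP_DigestFinal(md, digest, NULL)` at -308 still discard their return values, so a failed hash step is not noticed and `digest` is returned as if it were valid. Each returns 1 on success, so a check such as `if (EVP_DigestInit(md, evp_md) != 1) goto error;` would stop a bad hash from being used. `buffer_free(b);` would then have to move so that it also runs on that path. The same unchecked sequence appears in every digest block this commit touches in kex.c, key.c and keyfiles.c.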
@@ -341,8 +350,13 @@ { buffer_t *b; static unsigned char digest[EVP_MAX_MD_SIZE]; - EVP_MD_CTX md; + EVP_MD_CTX *md = NULL; + /********* OPENSSL1.1.1 NOTEST *********/ + md = EVP_MD_CTX_new(); + if (md == NULL) + goto error; + b = buffer_init(); buffer_put_string(b, client_version_string, strlen(client_version_string)); buffer_put_string(b, server_version_string, strlen(server_version_string)); @@ -373,9 +387,9 @@ // yutaka //debug_print(38, buffer_ptr(b), buffer_len(b)); - EVP_DigestInit(&md, evp_md); - EVP_DigestUpdate(&md, buffer_ptr(b), buffer_len(b)); - EVP_DigestFinal(&md, digest, NULL); + EVP_DigestInit(md, evp_md); + EVP_DigestUpdate(md, buffer_ptr(b), buffer_len(b)); + EVP_DigestFinal(md, digest, NULL); buffer_free(b); @@ -383,6 +397,10 @@ *hashlen = EVP_MD_size(evp_md); +error: + if (md) + EVP_MD_CTX_free(md); + return digest; } @@ -401,8 +419,13 @@ { buffer_t *b; static unsigned char digest[EVP_MAX_MD_SIZE]; - EVP_MD_CTX md; + EVP_MD_CTX *md = NULL; + /********* OPENSSL1.1.1 NOTEST *********/ + md = EVP_MD_CTX_new(); + if (md == NULL) + goto error; + b = buffer_init(); buffer_put_string(b, client_version_string, strlen(client_version_string)); buffer_put_string(b, server_version_string, strlen(server_version_string)); @@ -424,9 +447,9 @@ // yutaka //debug_print(38, buffer_ptr(b), buffer_len(b)); - EVP_DigestInit(&md, evp_md); - EVP_DigestUpdate(&md, buffer_ptr(b), buffer_len(b)); - EVP_DigestFinal(&md, digest, NULL); + EVP_DigestInit(md, evp_md); + EVP_DigestUpdate(md, buffer_ptr(b), buffer_len(b)); + EVP_DigestFinal(md, digest, NULL); buffer_free(b); @@ -434,6 +457,10 @@ *hashlen = EVP_MD_size(evp_md); +error: + if (md) + EVP_MD_CTX_free(md); + return digest; } 
@@ -466,12 +493,17 @@ const EVP_MD *evp_md) { buffer_t *b; - EVP_MD_CTX md; + EVP_MD_CTX *md = NULL; char c = id; int have; int mdsz = EVP_MD_size(evp_md); u_char *digest = malloc(roundup(need, mdsz)); + /********* OPENSSL1.1.1 NOTEST *********/ + md = EVP_MD_CTX_new(); + if (md == NULL) + goto skip; + if (digest == NULL) goto skip; @@ -482,12 +514,12 @@ buffer_put_bignum2(b, shared_secret); /* K1 = HASH(K || H || "A" || session_id) */ - EVP_DigestInit(&md, evp_md); - EVP_DigestUpdate(&md, buffer_ptr(b), buffer_len(b)); - EVP_DigestUpdate(&md, hash, mdsz); - EVP_DigestUpdate(&md, &c, 1); - EVP_DigestUpdate(&md, session_id, session_id_len); - EVP_DigestFinal(&md, digest, NULL); + EVP_DigestInit(md, evp_md); + EVP_DigestUpdate(md, buffer_ptr(b), buffer_len(b)); + EVP_DigestUpdate(md, hash, mdsz); + EVP_DigestUpdate(md, &c, 1); + EVP_DigestUpdate(md, session_id, session_id_len); + EVP_DigestFinal(md, digest, NULL); /* * expand key: @@ -495,15 +527,18 @@ * Key = K1 || K2 || ... || Kn */ for (have = mdsz; need > have; have += mdsz) { - EVP_DigestInit(&md, evp_md); - EVP_DigestUpdate(&md, buffer_ptr(b), buffer_len(b)); - EVP_DigestUpdate(&md, hash, mdsz); - EVP_DigestUpdate(&md, digest, have); - EVP_DigestFinal(&md, digest + have, NULL); + EVP_DigestInit(md, evp_md); + EVP_DigestUpdate(md, buffer_ptr(b), buffer_len(b)); + EVP_DigestUpdate(md, hash, mdsz); + EVP_DigestUpdate(md, digest, have); + EVP_DigestFinal(md, digest + have, NULL); } buffer_free(b); skip:; + if (md) + EVP_MD_CTX_free(md); + return digest; } Modified: branches/openssl_1_1_1_v2/ttssh2/ttxssh/key.c =================================================================== --- branches/openssl_1_1_1_v2/ttssh2/ttxssh/key.c 2019-06-22 09:40:40 UTC (rev 7790) +++ branches/openssl_1_1_1_v2/ttssh2/ttxssh/key.c 2019-06-22 11:13:50 UTC (rev 7791) 
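Review bot: In the hunk at -466, `digest` has already been allocated with `malloc(roundup(need, mdsz))` when `EVP_MD_CTX_new()` is called, so on failure `goto skip` returns a non-NULL buffer that was never filled. A caller cannot tell this apart from a derived key and would use uninitialised heap memory as key material. Release the buffer on that path: `if (md == NULL) { free(digest); digest = NULL; goto skip; }`.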
@@ -87,16 +87,24 @@ { DSA_SIG *sig; const EVP_MD *evp_md = EVP_sha1(); - EVP_MD_CTX md; + EVP_MD_CTX *md = NULL; unsigned char digest[EVP_MAX_MD_SIZE], *sigblob; unsigned int len, dlen; - int ret; + int ret = -1; char *ptr; + /********* OPENSSL1.1.1 NOTEST *********/ + md = EVP_MD_CTX_new(); + if (md == NULL) { + ret = -1; + goto error; + } + OpenSSL_add_all_digests(); if (key == NULL) { - return -2; + ret = -2; + goto error; } ptr = signature; @@ -110,7 +118,8 @@ len = get_uint32_MSBfirst(ptr); ptr += 4; if (strncmp("ssh-dss", ptr, len) != 0) { - return -3; + ret = -3; + goto error; } ptr += len; } @@ -122,16 +131,23 @@ ptr += len; if (len != SIGBLOB_LEN) { - return -4; + ret = -4; + goto error; } /* parse signature */ - if ((sig = DSA_SIG_new()) == NULL) - return -5; - if ((sig->r = BN_new()) == NULL) - return -6; - if ((sig->s = BN_new()) == NULL) - return -7; + if ((sig = DSA_SIG_new()) == NULL) { + ret = -5; + goto error; + } + if ((sig->r = BN_new()) == NULL) { + ret = -6; + goto error; + } + if ((sig->s = BN_new()) == NULL) { + ret = -7; + goto error; + } BN_bin2bn(sigblob, INTBLOB_LEN, sig->r); BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s); @@ -145,6 +161,10 @@ DSA_SIG_free(sig); +error: + if (md) + EVP_MD_CTX_free(md); + return ret; } @@ -250,21 +270,30 @@ u_char *data, u_int datalen) { const EVP_MD *evp_md; - EVP_MD_CTX md; + EVP_MD_CTX *md = NULL; // char *ktype; u_char digest[EVP_MAX_MD_SIZE], *sigblob; u_int len, dlen, modlen; // int rlen, ret, nid; - int ret, nid; + int ret = -1, nid; char *ptr; + /********* OPENSSL1.1.1 NOTEST *********/ + md = EVP_MD_CTX_new(); + if (md == NULL) { + ret = -1; + goto error; + } + OpenSSL_add_all_digests(); if (key == NULL) { - return -2; + ret = -2; + goto error; } if (BN_num_bits(key->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { - return -3; + ret = -3; + goto error; } //debug_print(41, signature, signaturelen); ptr = signature; 
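Review bot: The `-6` and `-7` branches at -122 now `goto error` after `DSA_SIG_new()` has succeeded, but the `error:` label added at -145 sits below `DSA_SIG_free(sig);`. As a result `sig` (and `sig->r` on the `-7` path) is never released. Declaring `DSA_SIG *sig = NULL;` and moving the free under the label as `if (sig) DSA_SIG_free(sig);` gives every exit one shared cleanup. The ECDSA hunk at -356 has the same leak with `ECDSA_SIG_free(sig);` above its `error:` label at -383.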
@@ -273,7 +302,8 @@ len = get_uint32_MSBfirst(ptr); ptr += 4; if (strncmp("ssh-rsa", ptr, len) != 0) { - return -4; + ret = -4; + goto error; } ptr += len; @@ -292,7 +322,8 @@ /* RSA_verify expects a signature of RSA_size */ modlen = RSA_size(key); if (len > modlen) { - return -5; + ret = -5; + goto error; } else if (len < modlen) { u_int diff = modlen - len; @@ -307,7 +338,8 @@ nid = NID_sha1; if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { //error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid); - return -6; + ret = -6; + goto error; } EVP_DigestInit(&md, evp_md); EVP_DigestUpdate(&md, data, datalen); @@ -320,6 +352,10 @@ //free(sigblob); //debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : ""); +error: + if (md) + EVP_MD_CTX_free(md); + return ret; } @@ -329,16 +365,24 @@ { ECDSA_SIG *sig; const EVP_MD *evp_md; - EVP_MD_CTX md; + EVP_MD_CTX *md = NULL; unsigned char digest[EVP_MAX_MD_SIZE], *sigblob; unsigned int len, dlen; - int ret, nid = NID_undef; + int ret = -1, nid = NID_undef; char *ptr; + /********* OPENSSL1.1.1 NOTEST *********/ + md = EVP_MD_CTX_new(); + if (md == NULL) { + ret = -1; + goto error; + } + OpenSSL_add_all_digests(); if (key == NULL) { - return -2; + ret = -2; + goto error; } ptr = signature; @@ -346,7 +390,8 @@ len = get_uint32_MSBfirst(ptr); ptr += 4; if (strncmp(get_ssh_keytype_name(keytype), ptr, len) != 0) { - return -3; + ret = -3; + goto error; } ptr += len; 
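Review bot: The context lines `EVP_DigestInit(&md, evp_md);` and `EVP_DigestUpdate(&md, data, datalen);` at -307 were left unchanged although `md` is now declared `EVP_MD_CTX *md` at -250. They pass the address of the pointer variable (an `EVP_MD_CTX **`) where the context itself is expected. A C compiler typically only warns about this, and at run time the digest code would treat the pointer's own stack storage as the context, in the path that verifies a signature. The calls should read `EVP_DigestInit(md, evp_md);` and so on, as the kex.c hunks do. The same stale calls are visible as `&md` in the ECDSA hunk at -356 and as `&ctx[1]` at -1026 in keyfiles.c, where `ctx` became `EVP_MD_CTX *ctx[2]`; the DSA verify function's digest calls fall between hunks and should be checked too.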
@@ -356,23 +401,31 @@ ptr += len; /* parse signature */ - if ((sig = ECDSA_SIG_new()) == NULL) - return -4; - if ((sig->r = BN_new()) == NULL) - return -5; - if ((sig->s = BN_new()) == NULL) - return -6; + if ((sig = ECDSA_SIG_new()) == NULL) { + ret = -4; + goto error; + } + if ((sig->r = BN_new()) == NULL) { + ret = -5; + goto error; + } + if ((sig->s = BN_new()) == NULL) { + ret = -6; + goto error; + } buffer_get_bignum2(&sigblob, sig->r); buffer_get_bignum2(&sigblob, sig->s); if (sigblob != ptr) { - return -7; + ret = -7; + goto error; } /* hash the data */ nid = keytype_to_hash_nid(keytype); if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { - return -8; + ret = -8; + goto error; } EVP_DigestInit(&md, evp_md); EVP_DigestUpdate(&md, data, datalen); @@ -383,6 +436,10 @@ ECDSA_SIG_free(sig); +error: + if (md) + EVP_MD_CTX_free(md); + return ret; } @@ -603,7 +660,7 @@ char* key_fingerprint_raw(Key *k, digest_algorithm dgst_alg, int *dgst_raw_length) { const EVP_MD *md = NULL; - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = NULL; char *blob = NULL; char *retval = NULL; int len = 0; @@ -610,6 +667,12 @@ int nlen, elen; RSA *rsa; + /********* OPENSSL1.1.1 NOTEST *********/ + ctx = EVP_MD_CTX_new(); + if (ctx == NULL) { + goto error; + } + *dgst_raw_length = 0; switch (dgst_alg) { @@ -664,14 +727,19 @@ if (retval == NULL) { // TODO: } - EVP_DigestInit(&ctx, md); - EVP_DigestUpdate(&ctx, blob, len); - EVP_DigestFinal(&ctx, retval, dgst_raw_length); + EVP_DigestInit(ctx, md); + EVP_DigestUpdate(ctx, blob, len); + EVP_DigestFinal(ctx, retval, dgst_raw_length); SecureZeroMemory(blob, len); free(blob); } else { //fatal("key_fingerprint_raw: blob is null"); } + +error: + if (ctx) + EVP_MD_CTX_free(ctx); + return retval; } 
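Review bot: At -664 in `key_fingerprint_raw`, `retval` is still handed to `EVP_DigestFinal(ctx, retval, dgst_raw_length)` after the empty `if (retval == NULL) { // TODO: }` branch, so a failed allocation (presumably made just above the hunk) ends in a write through NULL. Now that the function has an `error:` label, that branch can clean up and leave: `SecureZeroMemory(blob, len); free(blob); goto error;`. Separately, the new `goto error` at -610 runs before `*dgst_raw_length = 0;`, so the out-parameter is left unset when the context allocation fails. Moving the allocation below that assignment avoids this.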
@@ -1461,16 +1529,23 @@ case KEY_RSA: // RSA { const EVP_MD *evp_md = EVP_sha1(); - EVP_MD_CTX md; + EVP_MD_CTX *md = NULL; u_char digest[EVP_MAX_MD_SIZE], *sig; u_int slen, dlen, len; int ok, nid = NID_sha1; + /********* OPENSSL1.1.1 NOTEST *********/ + md = EVP_MD_CTX_new(); + if (md == NULL) + goto error; + // \x83_\x83C\x83W\x83F\x83X\x83g\x92l\x82̌v\x8EZ - EVP_DigestInit(&md, evp_md); - EVP_DigestUpdate(&md, data, datalen); - EVP_DigestFinal(&md, digest, &dlen); + EVP_DigestInit(md, evp_md); + EVP_DigestUpdate(md, data, datalen); + EVP_DigestFinal(md, digest, &dlen); + EVP_MD_CTX_free(md); + slen = RSA_size(keypair->rsa); sig = malloc(slen); if (sig == NULL) @@ -1519,15 +1594,22 @@ { DSA_SIG *sig; const EVP_MD *evp_md = EVP_sha1(); - EVP_MD_CTX md; + EVP_MD_CTX *md = NULL; u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN]; u_int rlen, slen, len, dlen; + /********* OPENSSL1.1.1 NOTEST *********/ + md = EVP_MD_CTX_new(); + if (md == NULL) + goto error; + // \x83_\x83C\x83W\x83F\x83X\x83g\x82̌v\x8EZ - EVP_DigestInit(&md, evp_md); - EVP_DigestUpdate(&md, data, datalen); - EVP_DigestFinal(&md, digest, &dlen); + EVP_DigestInit(md, evp_md); + EVP_DigestUpdate(md, data, datalen); + EVP_DigestFinal(md, digest, &dlen); + EVP_MD_CTX_free(md); + // DSA\x93d\x8Eq\x8F\x90\x96\xBC\x82\xF0\x8Cv\x8EZ sig = DSA_do_sign(digest, dlen, keypair->dsa); SecureZeroMemory(digest, sizeof(digest)); @@ -1569,7 +1651,7 @@ { ECDSA_SIG *sig; const EVP_MD *evp_md; - EVP_MD_CTX md; + EVP_MD_CTX *md = NULL; u_char digest[EVP_MAX_MD_SIZE]; u_int len, dlen, nid; buffer_t *buf2 = NULL; 
@@ -1578,10 +1660,18 @@ if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { goto error; } - EVP_DigestInit(&md, evp_md); - EVP_DigestUpdate(&md, data, datalen); - EVP_DigestFinal(&md, digest, &dlen); + /********* OPENSSL1.1.1 NOTEST *********/ + md = EVP_MD_CTX_new(); + if (md == NULL) + goto error; + + EVP_DigestInit(md, evp_md); + EVP_DigestUpdate(md, data, datalen); + EVP_DigestFinal(md, digest, &dlen); + + EVP_MD_CTX_free(md); + sig = ECDSA_do_sign(digest, dlen, keypair->ecdsa); SecureZeroMemory(digest, sizeof(digest)); Modified: branches/openssl_1_1_1_v2/ttssh2/ttxssh/keyfiles.c =================================================================== --- branches/openssl_1_1_1_v2/ttssh2/ttxssh/keyfiles.c 2019-06-22 09:40:40 UTC (rev 7790) +++ branches/openssl_1_1_1_v2/ttssh2/ttxssh/keyfiles.c 2019-06-22 11:13:50 UTC (rev 7791) 
@@ -922,25 +922,36 @@ // decrypt prikey with aes256-cbc if (strcmp(encname, "aes256-cbc") == 0) { const EVP_MD *md = EVP_sha1(); - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = NULL; unsigned char key[40], iv[32]; EVP_CIPHER_CTX *cipher_ctx = NULL; char *decrypted = NULL; /********* OPENSSL1.1.1 NOTEST *********/ + ctx = EVP_MD_CTX_new(); + if (ctx == NULL) { + goto error; + } + + /********* OPENSSL1.1.1 NOTEST *********/ cipher_ctx = EVP_CIPHER_CTX_new(); - /*** TODO: OPENSSL1.1.1 ERROR CHECK ***/ + if (ctx == NULL) { + EVP_MD_CTX_free(ctx); + goto error; + } - EVP_DigestInit(&ctx, md); - EVP_DigestUpdate(&ctx, "\0\0\0\0", 4); - EVP_DigestUpdate(&ctx, passphrase, strlen(passphrase)); - EVP_DigestFinal(&ctx, key, &len); + EVP_DigestInit(ctx, md); + EVP_DigestUpdate(ctx, "\0\0\0\0", 4); + EVP_DigestUpdate(ctx, passphrase, strlen(passphrase)); + EVP_DigestFinal(ctx, key, &len); - EVP_DigestInit(&ctx, md); - EVP_DigestUpdate(&ctx, "\0\0\0\1", 4); - EVP_DigestUpdate(&ctx, passphrase, strlen(passphrase)); - EVP_DigestFinal(&ctx, key + 20, &len); + EVP_DigestInit(ctx, md); + EVP_DigestUpdate(ctx, "\0\0\0\1", 4); + EVP_DigestUpdate(ctx, passphrase, strlen(passphrase)); + EVP_DigestFinal(ctx, key + 20, &len); + EVP_MD_CTX_free(ctx); + memset(iv, 0, sizeof(iv)); /********* OPENSSL1.1.1 NOTEST *********/ 
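Review bot: The check added after `cipher_ctx = EVP_CIPHER_CTX_new();` at -922 tests `ctx` a second time instead of `cipher_ctx`. Because `ctx` was already verified non-NULL just above, the branch can never be taken, and a failed cipher-context allocation goes undetected even though the `TODO: ... ERROR CHECK` comment was removed. It should read `if (cipher_ctx == NULL) { EVP_MD_CTX_free(ctx); goto error; }`. The `error:` label is outside the hunk, so whether it releases `cipher_ctx` on later failures cannot be confirmed from here.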
@@ -988,23 +999,41 @@ unsigned char mackey[20]; char header[] = "putty-private-key-file-mac-key"; const EVP_MD *md = EVP_sha1(); - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = NULL; - EVP_DigestInit(&ctx, md); - EVP_DigestUpdate(&ctx, header, sizeof(header)-1); + /********* OPENSSL1.1.1 NOTEST *********/ + ctx = EVP_MD_CTX_new(); + if (ctx == NULL) { + goto error; + } + + EVP_DigestInit(ctx, md); + EVP_DigestUpdate(ctx, header, sizeof(header)-1); len = strlen(passphrase); if (strcmp(encname, "aes256-cbc") == 0 && len > 0) { - EVP_DigestUpdate(&ctx, passphrase, len); + EVP_DigestUpdate(ctx, passphrase, len); } - EVP_DigestFinal(&ctx, mackey, &len); + EVP_DigestFinal(ctx, mackey, &len); + EVP_MD_CTX_free(ctx); //hmac_sha1_simple(mackey, sizeof(mackey), macdata->buf, macdata->len, binary); { - EVP_MD_CTX ctx[2]; + EVP_MD_CTX *ctx[2] = {0, 0}; unsigned char intermediate[20]; unsigned char foo[64]; int i; + /********* OPENSSL1.1.1 NOTEST *********/ + ctx[0] = EVP_MD_CTX_new(); + if (ctx[0] == NULL) { + goto error; + } + ctx[1] = EVP_MD_CTX_new(); + if (ctx[1] == NULL) { + EVP_MD_CTX_free(ctx[0]); + goto error; + } + memset(foo, 0x36, sizeof(foo)); for (i = 0; i < sizeof(mackey) && i < sizeof(foo); i++) { foo[i] ^= mackey[i]; @@ -1026,6 +1055,9 @@ EVP_DigestUpdate(&ctx[1], intermediate, sizeof(intermediate)); EVP_DigestFinal(&ctx[1], binary, &len); + + EVP_MD_CTX_free(ctx[0]); + EVP_MD_CTX_free(ctx[1]); } memset(mackey, 0, sizeof(mackey));
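Review bot: The two `goto error` exits added inside the HMAC block at -988 are taken after `mackey` has been derived from the passphrase, and they jump past `memset(mackey, 0, sizeof(mackey));` at -1026. Unless the code at `error:` (outside the hunk) clears it, the MAC key stays on the stack on those paths. Wiping before each jump closes that, for example `SecureZeroMemory(mackey, sizeof(mackey));`, the call key.c already uses for its digests.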