[Ttssh2-commit] [6563] EVP_MD_CTX 構造体をポインタ化した。

svnno****@sourc***** svnno****@sourc*****
2017年 1月 7日 (土) 23:54:55 JST


Revision: 6563
          http://sourceforge.jp/projects/ttssh2/scm/svn/commits/6563
Author:   yutakapon
Date:     2017-01-07 23:54:54 +0900 (Sat, 07 Jan 2017)
Log Message:
-----------
EVP_MD_CTX 構造体をポインタ化した。

Modified Paths:
--------------
    branches/openssl_1_1_0/ttssh2/ttxssh/kex.c
    branches/openssl_1_1_0/ttssh2/ttxssh/key.c
    branches/openssl_1_1_0/ttssh2/ttxssh/keyfiles.c

-------------- next part --------------
Modified: branches/openssl_1_1_0/ttssh2/ttxssh/kex.c
===================================================================
--- branches/openssl_1_1_0/ttssh2/ttxssh/kex.c	2017-01-07 10:41:31 UTC (rev 6562)
+++ branches/openssl_1_1_0/ttssh2/ttxssh/kex.c	2017-01-07 14:54:54 UTC (rev 6563)
@@ -286,8 +286,12 @@
 {
 	buffer_t *b;
 	static unsigned char digest[EVP_MAX_MD_SIZE];
-	EVP_MD_CTX md;
+	EVP_MD_CTX *md = NULL;
 
+	md = EVP_MD_CTX_new();
+	if (md == NULL)
+		goto error;
+
 	b = buffer_init();
 	buffer_put_string(b, client_version_string, strlen(client_version_string));
 	buffer_put_string(b, server_version_string, strlen(server_version_string));
@@ -308,9 +312,9 @@
 	// yutaka
 	//debug_print(38, buffer_ptr(b), buffer_len(b));
 
-	EVP_DigestInit(&md, evp_md);
-	EVP_DigestUpdate(&md, buffer_ptr(b), buffer_len(b));
-	EVP_DigestFinal(&md, digest, NULL);
+	EVP_DigestInit(md, evp_md);
+	EVP_DigestUpdate(md, buffer_ptr(b), buffer_len(b));
+	EVP_DigestFinal(md, digest, NULL);
 
 	buffer_free(b);
 
@@ -318,6 +322,10 @@
 
 	*hashlen = EVP_MD_size(evp_md);
 
+error:
+	if (md)
+		EVP_MD_CTX_free(md);
+
 	return digest;
 }
 
@@ -341,8 +349,12 @@
 {
 	buffer_t *b;
 	static unsigned char digest[EVP_MAX_MD_SIZE];
-	EVP_MD_CTX md;
+	EVP_MD_CTX *md = NULL;
 
+	md = EVP_MD_CTX_new();
+	if (md == NULL)
+		goto error;
+
 	b = buffer_init();
 	buffer_put_string(b, client_version_string, strlen(client_version_string));
 	buffer_put_string(b, server_version_string, strlen(server_version_string));
@@ -373,9 +385,9 @@
 	// yutaka
 	//debug_print(38, buffer_ptr(b), buffer_len(b));
 
-	EVP_DigestInit(&md, evp_md);
-	EVP_DigestUpdate(&md, buffer_ptr(b), buffer_len(b));
-	EVP_DigestFinal(&md, digest, NULL);
+	EVP_DigestInit(md, evp_md);
+	EVP_DigestUpdate(md, buffer_ptr(b), buffer_len(b));
+	EVP_DigestFinal(md, digest, NULL);
 
 	buffer_free(b);
 
@@ -383,6 +395,10 @@
 
 	*hashlen = EVP_MD_size(evp_md);
 
+error:
+	if (md)
+		EVP_MD_CTX_free(md);
+
 	return digest;
 }
 
@@ -401,8 +417,12 @@
 {
 	buffer_t *b;
 	static unsigned char digest[EVP_MAX_MD_SIZE];
-	EVP_MD_CTX md;
+	EVP_MD_CTX *md = NULL;
 
+	md = EVP_MD_CTX_new();
+	if (md == NULL)
+		goto error;
+
 	b = buffer_init();
 	buffer_put_string(b, client_version_string, strlen(client_version_string));
 	buffer_put_string(b, server_version_string, strlen(server_version_string));
@@ -424,9 +444,9 @@
 	// yutaka
 	//debug_print(38, buffer_ptr(b), buffer_len(b));
 
-	EVP_DigestInit(&md, evp_md);
-	EVP_DigestUpdate(&md, buffer_ptr(b), buffer_len(b));
-	EVP_DigestFinal(&md, digest, NULL);
+	EVP_DigestInit(md, evp_md);
+	EVP_DigestUpdate(md, buffer_ptr(b), buffer_len(b));
+	EVP_DigestFinal(md, digest, NULL);
 
 	buffer_free(b);
 
@@ -434,6 +454,10 @@
 
 	*hashlen = EVP_MD_size(evp_md);
 
+error:
+	if (md)
+		EVP_MD_CTX_free(md);
+
 	return digest;
 }
 
@@ -544,12 +568,16 @@
                           const EVP_MD *evp_md)
 {
 	buffer_t *b;
-	EVP_MD_CTX md;
+	EVP_MD_CTX *md = NULL;
 	char c = id;
 	int have;
 	int mdsz = EVP_MD_size(evp_md);
 	u_char *digest = malloc(roundup(need, mdsz));
 
+	md = EVP_MD_CTX_new();
+	if (md == NULL)
+		goto skip;
+
 	if (digest == NULL)
 		goto skip;
 
@@ -560,12 +588,12 @@
 	buffer_put_bignum2(b, shared_secret);
 
 	/* K1 = HASH(K || H || "A" || session_id) */
-	EVP_DigestInit(&md, evp_md);
-	EVP_DigestUpdate(&md, buffer_ptr(b), buffer_len(b));
-	EVP_DigestUpdate(&md, hash, mdsz);
-	EVP_DigestUpdate(&md, &c, 1);
-	EVP_DigestUpdate(&md, session_id, session_id_len);
-	EVP_DigestFinal(&md, digest, NULL);
+	EVP_DigestInit(md, evp_md);
+	EVP_DigestUpdate(md, buffer_ptr(b), buffer_len(b));
+	EVP_DigestUpdate(md, hash, mdsz);
+	EVP_DigestUpdate(md, &c, 1);
+	EVP_DigestUpdate(md, session_id, session_id_len);
+	EVP_DigestFinal(md, digest, NULL);
 
 	/*
 	 * expand key:
@@ -573,15 +601,18 @@
 	 * Key = K1 || K2 || ... || Kn
 	 */
 	for (have = mdsz; need > have; have += mdsz) {
-		EVP_DigestInit(&md, evp_md);
-		EVP_DigestUpdate(&md, buffer_ptr(b), buffer_len(b));
-		EVP_DigestUpdate(&md, hash, mdsz);
-		EVP_DigestUpdate(&md, digest, have);
-		EVP_DigestFinal(&md, digest + have, NULL);
+		EVP_DigestInit(md, evp_md);
+		EVP_DigestUpdate(md, buffer_ptr(b), buffer_len(b));
+		EVP_DigestUpdate(md, hash, mdsz);
+		EVP_DigestUpdate(md, digest, have);
+		EVP_DigestFinal(md, digest + have, NULL);
 	}
 	buffer_free(b);
 
 skip:;
+	if (md)
+		EVP_MD_CTX_free(md);
+
 	return digest;
 }
 

Modified: branches/openssl_1_1_0/ttssh2/ttxssh/key.c
===================================================================
--- branches/openssl_1_1_0/ttssh2/ttxssh/key.c	2017-01-07 10:41:31 UTC (rev 6562)
+++ branches/openssl_1_1_0/ttssh2/ttxssh/key.c	2017-01-07 14:54:54 UTC (rev 6563)
@@ -80,14 +80,18 @@
 {
 	DSA_SIG *sig;
 	const EVP_MD *evp_md = EVP_sha1();
-	EVP_MD_CTX md;
+	EVP_MD_CTX *md = NULL;
 	unsigned char digest[EVP_MAX_MD_SIZE], *sigblob;
 	unsigned int len, dlen;
-	int ret;
+	int ret = -1;
 	char *ptr;
 
 	OpenSSL_add_all_digests();
 
+	md = EVP_MD_CTX_new();
+	if (md == NULL)
+		goto error;
+
 	if (key == NULL) {
 		return -2;
 	}
@@ -129,9 +133,9 @@
 	BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s);
 
 	/* sha1 the data */
-	EVP_DigestInit(&md, evp_md);
-	EVP_DigestUpdate(&md, data, datalen);
-	EVP_DigestFinal(&md, digest, &dlen);
+	EVP_DigestInit(md, evp_md);
+	EVP_DigestUpdate(md, data, datalen);
+	EVP_DigestFinal(md, digest, &dlen);
 
 	ret = DSA_do_verify(digest, dlen, sig, key);
 	SecureZeroMemory(digest, sizeof(digest));
@@ -138,6 +142,10 @@
 
 	DSA_SIG_free(sig);
 
+error:
+	if (md)
+		EVP_MD_CTX_free(md);
+
 	return ret;
 }
 
@@ -243,16 +251,20 @@
                    u_char *data, u_int datalen)
 {
 	const EVP_MD *evp_md;
-	EVP_MD_CTX md;
+	EVP_MD_CTX *md = NULL;
 	//	char *ktype;
 	u_char digest[EVP_MAX_MD_SIZE], *sigblob;
 	u_int len, dlen, modlen;
 //	int rlen, ret, nid;
-	int ret, nid;
+	int ret = -1, nid;
 	char *ptr;
 
 	OpenSSL_add_all_digests();
 
+	md = EVP_MD_CTX_new();
+	if (md == NULL)
+		goto error;
+
 	if (key == NULL) {
 		return -2;
 	}
@@ -302,9 +314,9 @@
 		//error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid);
 		return -6;
 	}
-	EVP_DigestInit(&md, evp_md);
-	EVP_DigestUpdate(&md, data, datalen);
-	EVP_DigestFinal(&md, digest, &dlen);
+	EVP_DigestInit(md, evp_md);
+	EVP_DigestUpdate(md, data, datalen);
+	EVP_DigestFinal(md, digest, &dlen);
 
 	ret = openssh_RSA_verify(nid, digest, dlen, sigblob, len, key);
 
@@ -313,6 +325,10 @@
 	//free(sigblob);
 	//debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : "");
 
+error:
+	if (md)
+		EVP_MD_CTX_free(md);
+
 	return ret;
 }
 
@@ -322,7 +338,7 @@
 {
 	ECDSA_SIG *sig;
 	const EVP_MD *evp_md;
-	EVP_MD_CTX md;
+	EVP_MD_CTX *md = NULL;
 	unsigned char digest[EVP_MAX_MD_SIZE], *sigblob;
 	unsigned int len, dlen;
 	int ret, nid = NID_undef;
@@ -330,6 +346,10 @@
 
 	OpenSSL_add_all_digests();
 
+	md = EVP_MD_CTX_new();
+	if (md == NULL)
+		goto error;
+
 	if (key == NULL) {
 		return -2;
 	}
@@ -367,9 +387,9 @@
 	if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
 		return -8;
 	}
-	EVP_DigestInit(&md, evp_md);
-	EVP_DigestUpdate(&md, data, datalen);
-	EVP_DigestFinal(&md, digest, &dlen);
+	EVP_DigestInit(md, evp_md);
+	EVP_DigestUpdate(md, data, datalen);
+	EVP_DigestFinal(md, digest, &dlen);
 
 	ret = ECDSA_do_verify(digest, dlen, sig, key);
 	SecureZeroMemory(digest, sizeof(digest));
@@ -376,6 +396,10 @@
 
 	ECDSA_SIG_free(sig);
 
+error:
+	if (md)
+		EVP_MD_CTX_free(md);
+
 	return ret;
 }
 
@@ -596,7 +620,7 @@
 char* key_fingerprint_raw(Key *k, enum digest_algorithm dgst_alg, int *dgst_raw_length)
 {
 	const EVP_MD *md = NULL;
-	EVP_MD_CTX ctx;
+	EVP_MD_CTX *ctx = NULL;
 	char *blob = NULL;
 	char *retval = NULL;
 	int len = 0;
@@ -603,6 +627,10 @@
 	int nlen, elen;
 	RSA *rsa;
 
+	ctx = EVP_MD_CTX_new();
+	if (ctx == NULL)
+		goto error;
+
 	*dgst_raw_length = 0;
 
 	switch (dgst_alg) {
@@ -657,14 +685,19 @@
 		if (retval == NULL) {
 			// TODO:
 		}
-		EVP_DigestInit(&ctx, md);
-		EVP_DigestUpdate(&ctx, blob, len);
-		EVP_DigestFinal(&ctx, retval, dgst_raw_length);
+		EVP_DigestInit(ctx, md);
+		EVP_DigestUpdate(ctx, blob, len);
+		EVP_DigestFinal(ctx, retval, dgst_raw_length);
 		SecureZeroMemory(blob, len);
 		free(blob);
 	} else {
 		//fatal("key_fingerprint_raw: blob is null");
 	}
+
+error:
+	if (ctx)
+		EVP_MD_CTX_free(ctx);
+
 	return retval;
 }
 
@@ -1443,6 +1476,7 @@
 	buffer_t *msg = NULL;
 	char *s;
 	int ret;
+	EVP_MD_CTX *md = NULL;
 
 	msg = buffer_init();
 	if (msg == NULL) {
@@ -1450,19 +1484,22 @@
 		return FALSE;
 	}
 
+	md = EVP_MD_CTX_new();
+	if (md == NULL)
+		goto error;
+
 	switch (keypair->type) {
 	case KEY_RSA: // RSA
 	{
 		const EVP_MD *evp_md = EVP_sha1();
-		EVP_MD_CTX md;
 		u_char digest[EVP_MAX_MD_SIZE], *sig;
 		u_int slen, dlen, len;
 		int ok, nid = NID_sha1;
 
 		// \x83_\x83C\x83W\x83F\x83X\x83g\x92l\x82̌v\x8EZ
-		EVP_DigestInit(&md, evp_md);
-		EVP_DigestUpdate(&md, data, datalen);
-		EVP_DigestFinal(&md, digest, &dlen);
+		EVP_DigestInit(md, evp_md);
+		EVP_DigestUpdate(md, data, datalen);
+		EVP_DigestFinal(md, digest, &dlen);
 
 		slen = RSA_size(keypair->rsa);
 		sig = malloc(slen);
@@ -1512,14 +1549,13 @@
 	{
 		DSA_SIG *sig;
 		const EVP_MD *evp_md = EVP_sha1();
-		EVP_MD_CTX md;
 		u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN];
 		u_int rlen, slen, len, dlen;
 
 		// \x83_\x83C\x83W\x83F\x83X\x83g\x82̌v\x8EZ
-		EVP_DigestInit(&md, evp_md);
-		EVP_DigestUpdate(&md, data, datalen);
-		EVP_DigestFinal(&md, digest, &dlen);
+		EVP_DigestInit(md, evp_md);
+		EVP_DigestUpdate(md, data, datalen);
+		EVP_DigestFinal(md, digest, &dlen);
 
 		// DSA\x93d\x8Eq\x8F\x90\x96\xBC\x82\xF0\x8Cv\x8EZ
 		sig = DSA_do_sign(digest, dlen, keypair->dsa);
@@ -1562,7 +1598,6 @@
 	{
 		ECDSA_SIG *sig;
 		const EVP_MD *evp_md;
-		EVP_MD_CTX md;
 		u_char digest[EVP_MAX_MD_SIZE];
 		u_int len, dlen, nid;
 		buffer_t *buf2 = NULL;
@@ -1571,9 +1606,9 @@
 		if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
 			goto error;
 		}
-		EVP_DigestInit(&md, evp_md);
-		EVP_DigestUpdate(&md, data, datalen);
-		EVP_DigestFinal(&md, digest, &dlen);
+		EVP_DigestInit(md, evp_md);
+		EVP_DigestUpdate(md, data, datalen);
+		EVP_DigestFinal(md, digest, &dlen);
 
 		sig = ECDSA_do_sign(digest, dlen, keypair->ecdsa);
 		SecureZeroMemory(digest, sizeof(digest));
@@ -1619,10 +1654,15 @@
 		break;
 	}
 
+	EVP_MD_CTX_free(md);
+
 	buffer_free(msg);
 	return TRUE;
 
 error:
+	if (md)
+		EVP_MD_CTX_free(md);
+
 	buffer_free(msg);
 
 	return FALSE;

Modified: branches/openssl_1_1_0/ttssh2/ttxssh/keyfiles.c
===================================================================
--- branches/openssl_1_1_0/ttssh2/ttxssh/keyfiles.c	2017-01-07 10:41:31 UTC (rev 6562)
+++ branches/openssl_1_1_0/ttssh2/ttxssh/keyfiles.c	2017-01-07 14:54:54 UTC (rev 6563)
@@ -877,22 +877,26 @@
 	// decrypt prikey with aes256-cbc
 	if (strcmp(encname, "aes256-cbc") == 0) {
 		const EVP_MD *md = EVP_sha1();
-		EVP_MD_CTX ctx;
+		EVP_MD_CTX *ctx = NULL;
 		unsigned char key[40], iv[32];
 		EVP_CIPHER_CTX *cipher_ctx = NULL;
 		char *decrypted = NULL;
 
+		ctx = EVP_MD_CTX_new();
+		if (ctx == NULL)
+			goto error;
+
 		cipher_ctx = EVP_CIPHER_CTX_new();
 
-		EVP_DigestInit(&ctx, md);
-		EVP_DigestUpdate(&ctx, "\0\0\0\0", 4);
-		EVP_DigestUpdate(&ctx, passphrase, strlen(passphrase));
-		EVP_DigestFinal(&ctx, key, &len);
+		EVP_DigestInit(ctx, md);
+		EVP_DigestUpdate(ctx, "\0\0\0\0", 4);
+		EVP_DigestUpdate(ctx, passphrase, strlen(passphrase));
+		EVP_DigestFinal(ctx, key, &len);
 
-		EVP_DigestInit(&ctx, md);
-		EVP_DigestUpdate(&ctx, "\0\0\0\1", 4);
-		EVP_DigestUpdate(&ctx, passphrase, strlen(passphrase));
-		EVP_DigestFinal(&ctx, key + 20, &len);
+		EVP_DigestInit(ctx, md);
+		EVP_DigestUpdate(ctx, "\0\0\0\1", 4);
+		EVP_DigestUpdate(ctx, passphrase, strlen(passphrase));
+		EVP_DigestFinal(ctx, key + 20, &len);
 
 		memset(iv, 0, sizeof(iv));
 
@@ -905,6 +909,7 @@
 			free(decrypted);
 			cipher_cleanup_SSH2(cipher_ctx);
 			EVP_CIPHER_CTX_free(cipher_ctx);
+			EVP_MD_CTX_free(ctx);
 			goto error;
 		}
 		buffer_clear(prikey);
@@ -912,6 +917,7 @@
 		free(decrypted);
 		cipher_cleanup_SSH2(cipher_ctx);
 		EVP_CIPHER_CTX_free(cipher_ctx);
+		EVP_MD_CTX_free(ctx);
 	}
 
 	// verity MAC
@@ -940,44 +946,57 @@
 		unsigned char mackey[20];
 		char header[] = "putty-private-key-file-mac-key";
 		const EVP_MD *md = EVP_sha1();
-		EVP_MD_CTX ctx;
+		EVP_MD_CTX *ctx = NULL;
 
-		EVP_DigestInit(&ctx, md);
-		EVP_DigestUpdate(&ctx, header, sizeof(header)-1);
+		ctx = EVP_MD_CTX_new();
+		if (ctx == NULL)
+			goto error;
+
+		EVP_DigestInit(ctx, md);
+		EVP_DigestUpdate(ctx, header, sizeof(header)-1);
 		len = strlen(passphrase);
 		if (strcmp(encname, "aes256-cbc") == 0 && len > 0) {
-			EVP_DigestUpdate(&ctx, passphrase, len);
+			EVP_DigestUpdate(ctx, passphrase, len);
 		}
-		EVP_DigestFinal(&ctx, mackey, &len);
+		EVP_DigestFinal(ctx, mackey, &len);
+		EVP_MD_CTX_free(ctx);
 
 		//hmac_sha1_simple(mackey, sizeof(mackey), macdata->buf, macdata->len, binary);
 		{
-		EVP_MD_CTX ctx[2];
+		EVP_MD_CTX *ctx[2] = { 0 };
 		unsigned char intermediate[20];
 		unsigned char foo[64];
 		int i;
 
+		ctx[0] = EVP_MD_CTX_new();
+		ctx[1] = EVP_MD_CTX_new();
+		if (ctx[0] == NULL || ctx[1] == NULL)
+			goto error;
+
 		memset(foo, 0x36, sizeof(foo));
 		for (i = 0; i < sizeof(mackey) && i < sizeof(foo); i++) {
 			foo[i] ^= mackey[i];
 		}
-		EVP_DigestInit(&ctx[0], md);
-		EVP_DigestUpdate(&ctx[0], foo, sizeof(foo));
+		EVP_DigestInit(ctx[0], md);
+		EVP_DigestUpdate(ctx[0], foo, sizeof(foo));
 
 		memset(foo, 0x5C, sizeof(foo));
 		for (i = 0; i < sizeof(mackey) && i < sizeof(foo); i++) {
 			foo[i] ^= mackey[i];
 		}
-		EVP_DigestInit(&ctx[1], md);
-		EVP_DigestUpdate(&ctx[1], foo, sizeof(foo));
+		EVP_DigestInit(ctx[1], md);
+		EVP_DigestUpdate(ctx[1], foo, sizeof(foo));
 
 		memset(foo, 0, sizeof(foo));
 
-		EVP_DigestUpdate(&ctx[0], macdata->buf, macdata->len);
-		EVP_DigestFinal(&ctx[0], intermediate, &len);
+		EVP_DigestUpdate(ctx[0], macdata->buf, macdata->len);
+		EVP_DigestFinal(ctx[0], intermediate, &len);
 
-		EVP_DigestUpdate(&ctx[1], intermediate, sizeof(intermediate));
-		EVP_DigestFinal(&ctx[1], binary, &len);
+		EVP_DigestUpdate(ctx[1], intermediate, sizeof(intermediate));
+		EVP_DigestFinal(ctx[1], binary, &len);
+
+		EVP_MD_CTX_free(ctx[0]);
+		EVP_MD_CTX_free(ctx[1]);
 		}
 
 		memset(mackey, 0, sizeof(mackey));



Ttssh2-commit メーリングリストの案内