Various warning fixes
beldmit committed Oct 20, 2023
1 parent e70c84c commit fee1cd0
Showing 4 changed files with 26 additions and 19 deletions.
26 changes: 7 additions & 19 deletions ssh-ecdsa-sk.c
Expand Up @@ -236,7 +236,6 @@ ssh_ecdsa_sk_verify(const struct sshkey *key,
struct sshkey_sig_details **detailsp)
{
ECDSA_SIG *esig = NULL;
EVP_MD_CTX *md_ctx = NULL;
BIGNUM *sig_r = NULL, *sig_s = NULL;
u_char sig_flags;
u_char msghash[32], apphash[32];
Expand Down Expand Up @@ -376,8 +375,7 @@ ssh_ecdsa_sk_verify(const struct sshkey *key,
ret = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
if ((sigb = malloc(len)) == NULL ||
(md_ctx = EVP_MD_CTX_new()) == NULL) {
if ((sigb = malloc(len)) == NULL) {
ret = SSH_ERR_ALLOC_FAIL;
goto out;
}
Expand All @@ -386,22 +384,13 @@ ssh_ecdsa_sk_verify(const struct sshkey *key,
ret = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
if (EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL,
key->pkey) != 1) {
ret = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
switch(EVP_DigestVerify(md_ctx, sigb, len, sshbuf_ptr(original_signed), sshbuf_len(original_signed))) {
case 1:
ret = 0;
break;
case 0:
ret = SSH_ERR_SIGNATURE_INVALID;
goto out;
default:
ret = SSH_ERR_LIBCRYPTO_ERROR;
ret = sshkey_verify_signature(key->pkey, SSH_DIGEST_SHA256,
sshbuf_ptr(original_signed), sshbuf_len(original_signed),
sigb, len);

if (ret != 0)
goto out;
}

/* success */
if (detailsp != NULL) {
*detailsp = details;
Expand All @@ -424,7 +413,6 @@ ssh_ecdsa_sk_verify(const struct sshkey *key,
BN_clear_free(sig_s);
free(ktype);
free(sigb);
EVP_MD_CTX_free(md_ctx);
return ret;
}

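Review bot: The new call `ret = sshkey_verify_signature(key->pkey, SSH_DIGEST_SHA256, ...)` now carries the whole accept/reject decision for the security-key signature, and nothing in the hunk states what the helper returns. The removed switch mapped an `EVP_DigestVerify` result of 0 to `SSH_ERR_SIGNATURE_INVALID` and any other non-1 result to `SSH_ERR_LIBCRYPTO_ERROR`. The helper's body is not on this page, so it should be confirmed that it returns 0 only for a result of exactly 1 and keeps that distinction. Data and signature are both passed as pointer/length pairs, so a swapped order would compile without a warning; a comment above the call such as `/* args: data, datalen, sig, siglen; returns 0 only for a valid signature */` would pin the contract, assuming that matches the prototype. `ssh_ecdsa_sk_verify` starts before the first hunk and parts of its body are collapsed between hunks.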
2 changes: 2 additions & 0 deletions ssh-keygen.c
Expand Up @@ -804,6 +804,7 @@ do_convert_from_pkcs8(struct sshkey **k, int *private)
(*k)->type = KEY_DSA;
(*k)->dsa = EVP_PKEY_get1_DSA(pubkey);
break;
#ifdef OPENSSL_HAS_ECC
case EVP_PKEY_EC:
if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
fatal("sshkey_new failed");
Expand All @@ -812,6 +813,7 @@ do_convert_from_pkcs8(struct sshkey **k, int *private)
pubkey = NULL;
(*k)->ecdsa_nid = sshkey_ecdsa_key_to_nid((*k)->pkey);
break;
#endif
default:
fatal_f("unsupported pubkey type %d",
EVP_PKEY_base_id(pubkey));
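Review bot: The `#endif` added after the `case EVP_PKEY_EC:` arm carries no label, while sshkey.h in this same commit closes its blocks with comments such as `# endif /* OPENSSL_HAS_ECC */`. The same applies to the bare `#endif` added after `sshkey_ec_key_to_nid()` in sshkey.c, which sits at column 0 although it closes an indented `# if` nested two levels deep. Suggested: `#endif /* OPENSSL_HAS_ECC */` here and `# endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */` in sshkey.c. With this arm compiled out, an EC key in the PKCS8 input falls through to `default:` and `fatal_f("unsupported pubkey type %d", ...)`, which fails closed; a short comment on the guard saying so would help the next reader. The switch in `do_convert_from_pkcs8` starts and ends outside the hunks shown.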
2 changes: 2 additions & 0 deletions sshkey.c
Expand Up @@ -1427,6 +1427,7 @@ sshkey_check_rsa_length(const struct sshkey *k, int min_size)

#ifdef WITH_OPENSSL
# ifdef OPENSSL_HAS_ECC
# if OPENSSL_VERSION_NUMBER < 0x30000000L
static int
sshkey_ec_key_to_nid(EC_KEY *k)
{
Expand Down Expand Up @@ -1470,6 +1471,7 @@ sshkey_ec_key_to_nid(EC_KEY *k)
}
return nids[i];
}
#endif

int
sshkey_ecdsa_key_to_nid(EVP_PKEY *pkey)
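Review bot: The new `# if OPENSSL_VERSION_NUMBER < 0x30000000L` around `sshkey_ec_key_to_nid()` gives no reason for the version cut-off, so a reader cannot tell whether it silences an unused-static warning or marks a behavioural split between OpenSSL versions. A one-line comment on the guard would settle it, for example `/* EC_KEY-based curve lookup; only needed when building against OpenSSL older than 3.0 */`, assuming that is the intent. `sshkey_ecdsa_key_to_nid()` begins right after the guard and its body is outside the hunk, so whether it still reaches the guarded function only on pre-3.0 builds cannot be checked from this page.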
15 changes: 15 additions & 0 deletions sshkey.h
Expand Up @@ -38,12 +38,18 @@
# ifdef OPENSSL_HAS_ECC
# include <openssl/ecdsa.h>
# else /* OPENSSL_HAS_ECC */
# define EC_KEY void
# define EC_GROUP void
# define EC_POINT void
# endif /* OPENSSL_HAS_ECC */
#define SSH_OPENSSL_VERSION OpenSSL_version(OPENSSL_VERSION)
#else /* WITH_OPENSSL */
# define BIGNUM void
# define EVP_PKEY void
# define DSA void
# define EC_KEY void
# define EC_GROUP void
# define EC_POINT void
#define SSH_OPENSSL_VERSION "without OpenSSL"
#endif /* WITH_OPENSSL */

Expand Down Expand Up @@ -256,6 +262,8 @@ u_int sshkey_curve_nid_to_bits(int);
int sshkey_ecdsa_bits_to_nid(int);
int sshkey_ecdsa_key_to_nid(EVP_PKEY *);
int sshkey_ec_nid_to_hash_alg(int nid);
int sshkey_ec_validate_public(const EC_GROUP *, const EC_POINT *);
int sshkey_ec_validate_private(const EC_KEY *);
const char *sshkey_ssh_name(const struct sshkey *);
const char *sshkey_ssh_name_plain(const struct sshkey *);
int sshkey_names_valid2(const char *, int, int);
Expand Down Expand Up @@ -350,6 +358,13 @@ int pkcs11_get_ecdsa_idx(void);
#if !defined(WITH_OPENSSL)
# undef EVP_PKEY
# undef DSA
# undef EC_KEY
# undef EC_GROUP
# undef EC_POINT
#elif !defined(OPENSSL_HAS_ECC)
# undef EC_KEY
# undef EC_GROUP
# undef EC_POINT
#endif

#endif /* SSHKEY_H */
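Review bot: The new prototypes `sshkey_ec_validate_public(const EC_GROUP *, const EC_POINT *)` and `sshkey_ec_validate_private(const EC_KEY *)` are declared in every build configuration. In builds without ECC the added `# define EC_KEY void` style placeholders turn their parameters into `const void *`, so any pointer is accepted without a diagnostic. If the definitions in sshkey.c are compiled only under `OPENSSL_HAS_ECC` (not visible on this page), a caller in a non-ECC build would compile cleanly and fail only at link time. Wrapping the two declarations in `#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)` and `#endif` would keep the key-validation entry points type-checked and remove the need for the placeholders on these lines. The placeholders also stay active for everything between the `#define` and the `#undef` block at the end of the header, which deserves a comment next to the defines.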
