diff options
| author | Damien Miller <djm@mindrot.org> | 2013-12-29 17:47:50 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2013-12-29 17:47:50 +1100 |
| commit | 3e19295c3a253c8dc8660cf45baad7f45fccb969 (patch) | |
| tree | e4c9f61c8391f3bce679cfa60f24c7c1c014cc02 | |
| parent | 137977180be6254639e2c90245763e6965f8d815 (diff) | |
- djm@cvs.openbsd.org 2013/12/27 22:30:17
[ssh-dss.c ssh-ecdsa.c ssh-rsa.c]
make the original RSA and DSA signing/verification code look more like
the ECDSA/Ed25519 ones: use key_type_plain() when checking the key type
rather than tediously listing all variants, use __func__ for debug/
error messages
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | ssh-dss.c | 29 | ||||
| -rw-r--r-- | ssh-ecdsa.c | 12 | ||||
| -rw-r--r-- | ssh-rsa.c | 39 |
4 files changed, 49 insertions, 37 deletions
| @@ -34,6 +34,12 @@ | |||
| 34 | - tedu@cvs.openbsd.org 2013/12/21 07:10:47 | 34 | - tedu@cvs.openbsd.org 2013/12/21 07:10:47 |
| 35 | [ssh-keygen.1] | 35 | [ssh-keygen.1] |
| 36 | small typo | 36 | small typo |
| 37 | - djm@cvs.openbsd.org 2013/12/27 22:30:17 | ||
| 38 | [ssh-dss.c ssh-ecdsa.c ssh-rsa.c] | ||
| 39 | make the original RSA and DSA signing/verification code look more like | ||
| 40 | the ECDSA/Ed25519 ones: use key_type_plain() when checking the key type | ||
| 41 | rather than tediously listing all variants, use __func__ for debug/ | ||
| 42 | error messages | ||
| 37 | 43 | ||
| 38 | 20131221 | 44 | 20131221 |
| 39 | - (dtucker) [regress/keytype.sh] Actually test ecdsa key types. | 45 | - (dtucker) [regress/keytype.sh] Actually test ecdsa key types. |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-dss.c,v 1.28 2013/05/17 00:13:14 djm Exp $ */ | 1 | /* $OpenBSD: ssh-dss.c,v 1.29 2013/12/27 22:30:17 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -53,11 +53,12 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, | |||
| 53 | u_int rlen, slen, len, dlen; | 53 | u_int rlen, slen, len, dlen; |
| 54 | Buffer b; | 54 | Buffer b; |
| 55 | 55 | ||
| 56 | if (key == NULL || key->dsa == NULL || (key->type != KEY_DSA && | 56 | if (key == NULL || key_type_plain(key->type) != KEY_DSA || |
| 57 | key->type != KEY_DSA_CERT && key->type != KEY_DSA_CERT_V00)) { | 57 | key->dsa == NULL) { |
| 58 | error("ssh_dss_sign: no DSA key"); | 58 | error("%s: no DSA key", __func__); |
| 59 | return -1; | 59 | return -1; |
| 60 | } | 60 | } |
| 61 | |||
| 61 | EVP_DigestInit(&md, evp_md); | 62 | EVP_DigestInit(&md, evp_md); |
| 62 | EVP_DigestUpdate(&md, data, datalen); | 63 | EVP_DigestUpdate(&md, data, datalen); |
| 63 | EVP_DigestFinal(&md, digest, &dlen); | 64 | EVP_DigestFinal(&md, digest, &dlen); |
| @@ -117,9 +118,9 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
| 117 | int rlen, ret; | 118 | int rlen, ret; |
| 118 | Buffer b; | 119 | Buffer b; |
| 119 | 120 | ||
| 120 | if (key == NULL || key->dsa == NULL || (key->type != KEY_DSA && | 121 | if (key == NULL || key_type_plain(key->type) != KEY_DSA || |
| 121 | key->type != KEY_DSA_CERT && key->type != KEY_DSA_CERT_V00)) { | 122 | key->dsa == NULL) { |
| 122 | error("ssh_dss_verify: no DSA key"); | 123 | error("%s: no DSA key", __func__); |
| 123 | return -1; | 124 | return -1; |
| 124 | } | 125 | } |
| 125 | 126 | ||
| @@ -135,7 +136,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
| 135 | buffer_append(&b, signature, signaturelen); | 136 | buffer_append(&b, signature, signaturelen); |
| 136 | ktype = buffer_get_cstring(&b, NULL); | 137 | ktype = buffer_get_cstring(&b, NULL); |
| 137 | if (strcmp("ssh-dss", ktype) != 0) { | 138 | if (strcmp("ssh-dss", ktype) != 0) { |
| 138 | error("ssh_dss_verify: cannot handle type %s", ktype); | 139 | error("%s: cannot handle type %s", __func__, ktype); |
| 139 | buffer_free(&b); | 140 | buffer_free(&b); |
| 140 | free(ktype); | 141 | free(ktype); |
| 141 | return -1; | 142 | return -1; |
| @@ -145,8 +146,8 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
| 145 | rlen = buffer_len(&b); | 146 | rlen = buffer_len(&b); |
| 146 | buffer_free(&b); | 147 | buffer_free(&b); |
| 147 | if (rlen != 0) { | 148 | if (rlen != 0) { |
| 148 | error("ssh_dss_verify: " | 149 | error("%s: remaining bytes in signature %d", |
| 149 | "remaining bytes in signature %d", rlen); | 150 | __func__, rlen); |
| 150 | free(sigblob); | 151 | free(sigblob); |
| 151 | return -1; | 152 | return -1; |
| 152 | } | 153 | } |
| @@ -158,14 +159,14 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
| 158 | 159 | ||
| 159 | /* parse signature */ | 160 | /* parse signature */ |
| 160 | if ((sig = DSA_SIG_new()) == NULL) | 161 | if ((sig = DSA_SIG_new()) == NULL) |
| 161 | fatal("ssh_dss_verify: DSA_SIG_new failed"); | 162 | fatal("%s: DSA_SIG_new failed", __func__); |
| 162 | if ((sig->r = BN_new()) == NULL) | 163 | if ((sig->r = BN_new()) == NULL) |
| 163 | fatal("ssh_dss_verify: BN_new failed"); | 164 | fatal("%s: BN_new failed", __func__); |
| 164 | if ((sig->s = BN_new()) == NULL) | 165 | if ((sig->s = BN_new()) == NULL) |
| 165 | fatal("ssh_dss_verify: BN_new failed"); | 166 | fatal("ssh_dss_verify: BN_new failed"); |
| 166 | if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) || | 167 | if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) || |
| 167 | (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL)) | 168 | (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL)) |
| 168 | fatal("ssh_dss_verify: BN_bin2bn failed"); | 169 | fatal("%s: BN_bin2bn failed", __func__); |
| 169 | 170 | ||
| 170 | /* clean up */ | 171 | /* clean up */ |
| 171 | memset(sigblob, 0, len); | 172 | memset(sigblob, 0, len); |
| @@ -181,7 +182,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
| 181 | 182 | ||
| 182 | DSA_SIG_free(sig); | 183 | DSA_SIG_free(sig); |
| 183 | 184 | ||
| 184 | debug("ssh_dss_verify: signature %s", | 185 | debug("%s: signature %s", __func__, |
| 185 | ret == 1 ? "correct" : ret == 0 ? "incorrect" : "error"); | 186 | ret == 1 ? "correct" : ret == 0 ? "incorrect" : "error"); |
| 186 | return ret; | 187 | return ret; |
| 187 | } | 188 | } |
diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c index 766338941..52f9e74c0 100644 --- a/ssh-ecdsa.c +++ b/ssh-ecdsa.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-ecdsa.c,v 1.6 2013/05/17 00:13:14 djm Exp $ */ | 1 | /* $OpenBSD: ssh-ecdsa.c,v 1.7 2013/12/27 22:30:17 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
| 4 | * Copyright (c) 2010 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2010 Damien Miller. All rights reserved. |
| @@ -54,11 +54,12 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, | |||
| 54 | u_int len, dlen; | 54 | u_int len, dlen; |
| 55 | Buffer b, bb; | 55 | Buffer b, bb; |
| 56 | 56 | ||
| 57 | if (key == NULL || key->ecdsa == NULL || | 57 | if (key == NULL || key_type_plain(key->type) != KEY_ECDSA || |
| 58 | (key->type != KEY_ECDSA && key->type != KEY_ECDSA_CERT)) { | 58 | key->ecdsa == NULL) { |
| 59 | error("%s: no ECDSA key", __func__); | 59 | error("%s: no ECDSA key", __func__); |
| 60 | return -1; | 60 | return -1; |
| 61 | } | 61 | } |
| 62 | |||
| 62 | evp_md = key_ec_nid_to_evpmd(key->ecdsa_nid); | 63 | evp_md = key_ec_nid_to_evpmd(key->ecdsa_nid); |
| 63 | EVP_DigestInit(&md, evp_md); | 64 | EVP_DigestInit(&md, evp_md); |
| 64 | EVP_DigestUpdate(&md, data, datalen); | 65 | EVP_DigestUpdate(&md, data, datalen); |
| @@ -105,11 +106,12 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
| 105 | Buffer b, bb; | 106 | Buffer b, bb; |
| 106 | char *ktype; | 107 | char *ktype; |
| 107 | 108 | ||
| 108 | if (key == NULL || key->ecdsa == NULL || | 109 | if (key == NULL || key_type_plain(key->type) != KEY_ECDSA || |
| 109 | (key->type != KEY_ECDSA && key->type != KEY_ECDSA_CERT)) { | 110 | key->ecdsa == NULL) { |
| 110 | error("%s: no ECDSA key", __func__); | 111 | error("%s: no ECDSA key", __func__); |
| 111 | return -1; | 112 | return -1; |
| 112 | } | 113 | } |
| 114 | |||
| 113 | evp_md = key_ec_nid_to_evpmd(key->ecdsa_nid); | 115 | evp_md = key_ec_nid_to_evpmd(key->ecdsa_nid); |
| 114 | 116 | ||
| 115 | /* fetch signature */ | 117 | /* fetch signature */ |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-rsa.c,v 1.46 2013/05/17 00:13:14 djm Exp $ */ | 1 | /* $OpenBSD: ssh-rsa.c,v 1.47 2013/12/27 22:30:17 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org> | 3 | * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org> |
| 4 | * | 4 | * |
| @@ -47,14 +47,15 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, | |||
| 47 | int ok, nid; | 47 | int ok, nid; |
| 48 | Buffer b; | 48 | Buffer b; |
| 49 | 49 | ||
| 50 | if (key == NULL || key->rsa == NULL || (key->type != KEY_RSA && | 50 | if (key == NULL || key_type_plain(key->type) != KEY_RSA || |
| 51 | key->type != KEY_RSA_CERT && key->type != KEY_RSA_CERT_V00)) { | 51 | key->rsa == NULL) { |
| 52 | error("ssh_rsa_sign: no RSA key"); | 52 | error("%s: no RSA key", __func__); |
| 53 | return -1; | 53 | return -1; |
| 54 | } | 54 | } |
| 55 | |||
| 55 | nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1; | 56 | nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1; |
| 56 | if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { | 57 | if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { |
| 57 | error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid); | 58 | error("%s: EVP_get_digestbynid %d failed", __func__, nid); |
| 58 | return -1; | 59 | return -1; |
| 59 | } | 60 | } |
| 60 | EVP_DigestInit(&md, evp_md); | 61 | EVP_DigestInit(&md, evp_md); |
| @@ -70,7 +71,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, | |||
| 70 | if (ok != 1) { | 71 | if (ok != 1) { |
| 71 | int ecode = ERR_get_error(); | 72 | int ecode = ERR_get_error(); |
| 72 | 73 | ||
| 73 | error("ssh_rsa_sign: RSA_sign failed: %s", | 74 | error("%s: RSA_sign failed: %s", __func__, |
| 74 | ERR_error_string(ecode, NULL)); | 75 | ERR_error_string(ecode, NULL)); |
| 75 | free(sig); | 76 | free(sig); |
| 76 | return -1; | 77 | return -1; |
| @@ -81,7 +82,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, | |||
| 81 | memmove(sig + diff, sig, len); | 82 | memmove(sig + diff, sig, len); |
| 82 | memset(sig, 0, diff); | 83 | memset(sig, 0, diff); |
| 83 | } else if (len > slen) { | 84 | } else if (len > slen) { |
| 84 | error("ssh_rsa_sign: slen %u slen2 %u", slen, len); | 85 | error("%s: slen %u slen2 %u", __func__, slen, len); |
| 85 | free(sig); | 86 | free(sig); |
| 86 | return -1; | 87 | return -1; |
| 87 | } | 88 | } |
| @@ -115,21 +116,23 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
| 115 | u_int len, dlen, modlen; | 116 | u_int len, dlen, modlen; |
| 116 | int rlen, ret, nid; | 117 | int rlen, ret, nid; |
| 117 | 118 | ||
| 118 | if (key == NULL || key->rsa == NULL || (key->type != KEY_RSA && | 119 | if (key == NULL || key_type_plain(key->type) != KEY_RSA || |
| 119 | key->type != KEY_RSA_CERT && key->type != KEY_RSA_CERT_V00)) { | 120 | key->rsa == NULL) { |
| 120 | error("ssh_rsa_verify: no RSA key"); | 121 | error("%s: no RSA key", __func__); |
| 121 | return -1; | 122 | return -1; |
| 122 | } | 123 | } |
| 124 | |||
| 123 | if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { | 125 | if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { |
| 124 | error("ssh_rsa_verify: RSA modulus too small: %d < minimum %d bits", | 126 | error("%s: RSA modulus too small: %d < minimum %d bits", |
| 125 | BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE); | 127 | __func__, BN_num_bits(key->rsa->n), |
| 128 | SSH_RSA_MINIMUM_MODULUS_SIZE); | ||
| 126 | return -1; | 129 | return -1; |
| 127 | } | 130 | } |
| 128 | buffer_init(&b); | 131 | buffer_init(&b); |
| 129 | buffer_append(&b, signature, signaturelen); | 132 | buffer_append(&b, signature, signaturelen); |
| 130 | ktype = buffer_get_cstring(&b, NULL); | 133 | ktype = buffer_get_cstring(&b, NULL); |
| 131 | if (strcmp("ssh-rsa", ktype) != 0) { | 134 | if (strcmp("ssh-rsa", ktype) != 0) { |
| 132 | error("ssh_rsa_verify: cannot handle type %s", ktype); | 135 | error("%s: cannot handle type %s", __func__, ktype); |
| 133 | buffer_free(&b); | 136 | buffer_free(&b); |
| 134 | free(ktype); | 137 | free(ktype); |
| 135 | return -1; | 138 | return -1; |
| @@ -139,19 +142,19 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
| 139 | rlen = buffer_len(&b); | 142 | rlen = buffer_len(&b); |
| 140 | buffer_free(&b); | 143 | buffer_free(&b); |
| 141 | if (rlen != 0) { | 144 | if (rlen != 0) { |
| 142 | error("ssh_rsa_verify: remaining bytes in signature %d", rlen); | 145 | error("%s: remaining bytes in signature %d", __func__, rlen); |
| 143 | free(sigblob); | 146 | free(sigblob); |
| 144 | return -1; | 147 | return -1; |
| 145 | } | 148 | } |
| 146 | /* RSA_verify expects a signature of RSA_size */ | 149 | /* RSA_verify expects a signature of RSA_size */ |
| 147 | modlen = RSA_size(key->rsa); | 150 | modlen = RSA_size(key->rsa); |
| 148 | if (len > modlen) { | 151 | if (len > modlen) { |
| 149 | error("ssh_rsa_verify: len %u > modlen %u", len, modlen); | 152 | error("%s: len %u > modlen %u", __func__, len, modlen); |
| 150 | free(sigblob); | 153 | free(sigblob); |
| 151 | return -1; | 154 | return -1; |
| 152 | } else if (len < modlen) { | 155 | } else if (len < modlen) { |
| 153 | u_int diff = modlen - len; | 156 | u_int diff = modlen - len; |
| 154 | debug("ssh_rsa_verify: add padding: modlen %u > len %u", | 157 | debug("%s: add padding: modlen %u > len %u", __func__, |
| 155 | modlen, len); | 158 | modlen, len); |
| 156 | sigblob = xrealloc(sigblob, 1, modlen); | 159 | sigblob = xrealloc(sigblob, 1, modlen); |
| 157 | memmove(sigblob + diff, sigblob, len); | 160 | memmove(sigblob + diff, sigblob, len); |
| @@ -160,7 +163,7 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
| 160 | } | 163 | } |
| 161 | nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1; | 164 | nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1; |
| 162 | if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { | 165 | if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { |
| 163 | error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid); | 166 | error("%s: EVP_get_digestbynid %d failed", __func__, nid); |
| 164 | free(sigblob); | 167 | free(sigblob); |
| 165 | return -1; | 168 | return -1; |
| 166 | } | 169 | } |
| @@ -172,7 +175,7 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
| 172 | memset(digest, 'd', sizeof(digest)); | 175 | memset(digest, 'd', sizeof(digest)); |
| 173 | memset(sigblob, 's', len); | 176 | memset(sigblob, 's', len); |
| 174 | free(sigblob); | 177 | free(sigblob); |
| 175 | debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : ""); | 178 | debug("%s: signature %scorrect", __func__, (ret == 0) ? "in" : ""); |
| 176 | return ret; | 179 | return ret; |
| 177 | } | 180 | } |
| 178 | 181 | ||