- djm@cvs.openbsd.org 2013/12/27 22:30:17

[ssh-dss.c ssh-ecdsa.c ssh-rsa.c] make the original RSA and DSA signing/verification code look more like the ECDSA/Ed25519 ones: use key_type_plain() when checking the key type rather than tediously listing all variants, use __func__ for debug/ error messages
author: Damien Miller <djm@mindrot.org> 2013-12-29 17:47:50 +1100
committer: Damien Miller <djm@mindrot.org> 2013-12-29 17:47:50 +1100
commit: 3e19295c3a253c8dc8660cf45baad7f45fccb969 (patch)
tree: e4c9f61c8391f3bce679cfa60f24c7c1c014cc02 /ssh-dss.c
parent: 137977180be6254639e2c90245763e6965f8d815 (diff)
1 files changed, 15 insertions, 14 deletions
diff --git a/ssh-dss.c b/ssh-dss.c
index 322ec9fd8..a6292aa84 100644
--- a/ssh-dss.c
+++ b/ssh-dss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-dss.c,v 1.28 2013/05/17 00:13:14 djm Exp $ */
+/* $OpenBSD: ssh-dss.c,v 1.29 2013/12/27 22:30:17 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 *
@@ -53,11 +53,12 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp,
        u_int rlen, slen, len, dlen;
        Buffer b;
-        if (key == NULL || key->dsa == NULL || (key->type != KEY_DSA &&
+        if (key == NULL || key_type_plain(key->type) != KEY_DSA ||
-            key->type != KEY_DSA_CERT && key->type != KEY_DSA_CERT_V00)) {
+            key->dsa == NULL) {
-                error("ssh_dss_sign: no DSA key");
+                error("%s: no DSA key", __func__);
                return -1;
        }
        EVP_DigestInit(&md, evp_md);
        EVP_DigestUpdate(&md, data, datalen);
        EVP_DigestFinal(&md, digest, &dlen);
@@ -117,9 +118,9 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
        int rlen, ret;
        Buffer b;
-        if (key == NULL || key->dsa == NULL || (key->type != KEY_DSA &&
+        if (key == NULL || key_type_plain(key->type) != KEY_DSA ||
-            key->type != KEY_DSA_CERT && key->type != KEY_DSA_CERT_V00)) {
+            key->dsa == NULL) {
-                error("ssh_dss_verify: no DSA key");
+                error("%s: no DSA key", __func__);
                return -1;
        }
@@ -135,7 +136,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
                buffer_append(&b, signature, signaturelen);
                ktype = buffer_get_cstring(&b, NULL);
                if (strcmp("ssh-dss", ktype) != 0) {
-                        error("ssh_dss_verify: cannot handle type %s", ktype);
+                        error("%s: cannot handle type %s", __func__, ktype);
                        buffer_free(&b);
                        free(ktype);
                        return -1;
@@ -145,8 +146,8 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
                rlen = buffer_len(&b);
                buffer_free(&b);
                if (rlen != 0) {
-                        error("ssh_dss_verify: "
+                        error("%s: remaining bytes in signature %d",
-                            "remaining bytes in signature %d", rlen);
+                            __func__, rlen);
                        free(sigblob);
                        return -1;
                }
@@ -158,14 +159,14 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
        /* parse signature */
        if ((sig = DSA_SIG_new()) == NULL)
-                fatal("ssh_dss_verify: DSA_SIG_new failed");
+                fatal("%s: DSA_SIG_new failed", __func__);
        if ((sig->r = BN_new()) == NULL)
-                fatal("ssh_dss_verify: BN_new failed");
+                fatal("%s: BN_new failed", __func__);
        if ((sig->s = BN_new()) == NULL)
                fatal("ssh_dss_verify: BN_new failed");
        if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) ||
            (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL))
-                fatal("ssh_dss_verify: BN_bin2bn failed");
+                fatal("%s: BN_bin2bn failed", __func__);
        /* clean up */
        memset(sigblob, 0, len);
@@ -181,7 +182,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
        DSA_SIG_free(sig);
-        debug("ssh_dss_verify: signature %s",
+        debug("%s: signature %s", __func__,
            ret == 1 ? "correct" : ret == 0 ? "incorrect" : "error");
        return ret;
 }
author	Damien Miller <djm@mindrot.org>	2013-12-29 17:47:50 +1100
committer	Damien Miller <djm@mindrot.org>	2013-12-29 17:47:50 +1100
commit	3e19295c3a253c8dc8660cf45baad7f45fccb969 (patch)
tree	e4c9f61c8391f3bce679cfa60f24c7c1c014cc02 /ssh-dss.c
parent	137977180be6254639e2c90245763e6965f8d815 (diff)

diff --git a/ssh-dss.c b/ssh-dss.c index 322ec9fd8..a6292aa84 100644 --- a/ssh-dss.c +++ b/ssh-dss.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssh-dss.c,v 1.28 2013/05/17 00:13:14 djm Exp $ */	1	/* $OpenBSD: ssh-dss.c,v 1.29 2013/12/27 22:30:17 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000 Markus Friedl. All rights reserved.
4	*	4	*
@@ -53,11 +53,12 @@ ssh_dss_sign(const Key key, u_char sigp, u_int lenp,
53	u_int rlen, slen, len, dlen;	53	u_int rlen, slen, len, dlen;
54	Buffer b;	54	Buffer b;
55		55
56	if (key == NULL \|\| key->dsa == NULL \|\| (key->type != KEY_DSA &&	56	if (key == NULL \|\| key_type_plain(key->type) != KEY_DSA \|\|
57	key->type != KEY_DSA_CERT && key->type != KEY_DSA_CERT_V00)) {	57	key->dsa == NULL) {
58	error("ssh_dss_sign: no DSA key");	58	error("%s: no DSA key", __func__);
59	return -1;	59	return -1;
60	}	60	}
		61
61	EVP_DigestInit(&md, evp_md);	62	EVP_DigestInit(&md, evp_md);
62	EVP_DigestUpdate(&md, data, datalen);	63	EVP_DigestUpdate(&md, data, datalen);
63	EVP_DigestFinal(&md, digest, &dlen);	64	EVP_DigestFinal(&md, digest, &dlen);
@@ -117,9 +118,9 @@ ssh_dss_verify(const Key key, const u_char signature, u_int signaturelen,
117	int rlen, ret;	118	int rlen, ret;
118	Buffer b;	119	Buffer b;
119		120
120	if (key == NULL \|\| key->dsa == NULL \|\| (key->type != KEY_DSA &&	121	if (key == NULL \|\| key_type_plain(key->type) != KEY_DSA \|\|
121	key->type != KEY_DSA_CERT && key->type != KEY_DSA_CERT_V00)) {	122	key->dsa == NULL) {
122	error("ssh_dss_verify: no DSA key");	123	error("%s: no DSA key", __func__);
123	return -1;	124	return -1;
124	}	125	}
125		126
@@ -135,7 +136,7 @@ ssh_dss_verify(const Key key, const u_char signature, u_int signaturelen,
135	buffer_append(&b, signature, signaturelen);	136	buffer_append(&b, signature, signaturelen);
136	ktype = buffer_get_cstring(&b, NULL);	137	ktype = buffer_get_cstring(&b, NULL);
137	if (strcmp("ssh-dss", ktype) != 0) {	138	if (strcmp("ssh-dss", ktype) != 0) {
138	error("ssh_dss_verify: cannot handle type %s", ktype);	139	error("%s: cannot handle type %s", __func__, ktype);
139	buffer_free(&b);	140	buffer_free(&b);
140	free(ktype);	141	free(ktype);
141	return -1;	142	return -1;
@@ -145,8 +146,8 @@ ssh_dss_verify(const Key key, const u_char signature, u_int signaturelen,
145	rlen = buffer_len(&b);	146	rlen = buffer_len(&b);
146	buffer_free(&b);	147	buffer_free(&b);
147	if (rlen != 0) {	148	if (rlen != 0) {
148	error("ssh_dss_verify: "	149	error("%s: remaining bytes in signature %d",
149	"remaining bytes in signature %d", rlen);	150	__func__, rlen);
150	free(sigblob);	151	free(sigblob);
151	return -1;	152	return -1;
152	}	153	}
@@ -158,14 +159,14 @@ ssh_dss_verify(const Key key, const u_char signature, u_int signaturelen,
158		159
159	/* parse signature */	160	/* parse signature */
160	if ((sig = DSA_SIG_new()) == NULL)	161	if ((sig = DSA_SIG_new()) == NULL)
161	fatal("ssh_dss_verify: DSA_SIG_new failed");	162	fatal("%s: DSA_SIG_new failed", __func__);
162	if ((sig->r = BN_new()) == NULL)	163	if ((sig->r = BN_new()) == NULL)
163	fatal("ssh_dss_verify: BN_new failed");	164	fatal("%s: BN_new failed", __func__);
164	if ((sig->s = BN_new()) == NULL)	165	if ((sig->s = BN_new()) == NULL)
165	fatal("ssh_dss_verify: BN_new failed");	166	fatal("ssh_dss_verify: BN_new failed");
166	if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) \|\|	167	if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) \|\|
167	(BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL))	168	(BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL))
168	fatal("ssh_dss_verify: BN_bin2bn failed");	169	fatal("%s: BN_bin2bn failed", __func__);
169		170
170	/* clean up */	171	/* clean up */
171	memset(sigblob, 0, len);	172	memset(sigblob, 0, len);
@@ -181,7 +182,7 @@ ssh_dss_verify(const Key key, const u_char signature, u_int signaturelen,
181		182
182	DSA_SIG_free(sig);	183	DSA_SIG_free(sig);
183		184
184	debug("ssh_dss_verify: signature %s",	185	debug("%s: signature %s", __func__,
185	ret == 1 ? "correct" : ret == 0 ? "incorrect" : "error");	186	ret == 1 ? "correct" : ret == 0 ? "incorrect" : "error");
186	return ret;	187	return ret;
187	}	188	}