author | Damien Miller <djm@mindrot.org> | 2013-12-29 17:47:50 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2013-12-29 17:47:50 +1100 |
commit | 3e19295c3a253c8dc8660cf45baad7f45fccb969 (patch) | |
tree | e4c9f61c8391f3bce679cfa60f24c7c1c014cc02 /ssh-dss.c | |
parent | 137977180be6254639e2c90245763e6965f8d815 (diff) |
- djm@cvs.openbsd.org 2013/12/27 22:30:17
[ssh-dss.c ssh-ecdsa.c ssh-rsa.c]
make the original RSA and DSA signing/verification code look more like
the ECDSA/Ed25519 ones: use key_type_plain() when checking the key type
rather than tediously listing all variants, use __func__ for debug/
error messages
Diffstat (limited to 'ssh-dss.c')
-rw-r--r-- | ssh-dss.c | 29 |
1 files changed, 15 insertions, 14 deletions
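--- a/ssh-dss.c
+++ b/ssh-dss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-dss.c,v 1.28 2013/05/17 00:13:14 djm Exp $ */
+/* $OpenBSD: ssh-dss.c,v 1.29 2013/12/27 22:30:17 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
@@ -53,11 +53,12 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp,
 u_int rlen, slen, len, dlen;
 Buffer b;
 
-if (key == NULL || key->dsa == NULL || (key->type != KEY_DSA &&
-key->type != KEY_DSA_CERT && key->type != KEY_DSA_CERT_V00)) {
-error("ssh_dss_sign: no DSA key");
+if (key == NULL || key_type_plain(key->type) != KEY_DSA ||
+key->dsa == NULL) {
+error("%s: no DSA key", __func__);
 return -1;
 }
+
 EVP_DigestInit(&md, evp_md);
 EVP_DigestUpdate(&md, data, datalen);
 EVP_DigestFinal(&md, digest, &dlen);
@@ -117,9 +118,9 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
 int rlen, ret;
 Buffer b;
 
-if (key == NULL || key->dsa == NULL || (key->type != KEY_DSA &&
-key->type != KEY_DSA_CERT && key->type != KEY_DSA_CERT_V00)) {
-error("ssh_dss_verify: no DSA key");
+if (key == NULL || key_type_plain(key->type) != KEY_DSA ||
+key->dsa == NULL) {
+error("%s: no DSA key", __func__);
 return -1;
 }
 
@@ -135,7 +136,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
 buffer_append(&b, signature, signaturelen);
 ktype = buffer_get_cstring(&b, NULL);
 if (strcmp("ssh-dss", ktype) != 0) {
-error("ssh_dss_verify: cannot handle type %s", ktype);
+error("%s: cannot handle type %s", __func__, ktype);
 buffer_free(&b);
 free(ktype);
 return -1;
@@ -145,8 +146,8 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
 rlen = buffer_len(&b);
 buffer_free(&b);
 if (rlen != 0) {
-error("ssh_dss_verify: "
-"remaining bytes in signature %d", rlen);
+error("%s: remaining bytes in signature %d",
+__func__, rlen);
 free(sigblob);
 return -1;
 }
@@ -158,14 +159,14 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
 
 /* parse signature */
 if ((sig = DSA_SIG_new()) == NULL)
-fatal("ssh_dss_verify: DSA_SIG_new failed");
+fatal("%s: DSA_SIG_new failed", __func__);
 if ((sig->r = BN_new()) == NULL)
-fatal("ssh_dss_verify: BN_new failed");
+fatal("%s: BN_new failed", __func__);
 if ((sig->s = BN_new()) == NULL)
 fatal("ssh_dss_verify: BN_new failed");
 if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) ||
 (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL))
-fatal("ssh_dss_verify: BN_bin2bn failed");
+fatal("%s: BN_bin2bn failed", __func__);
 
 /* clean up */
 memset(sigblob, 0, len);
@@ -181,7 +182,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
 
 DSA_SIG_free(sig);
 
-debug("ssh_dss_verify: signature %s",
+debug("%s: signature %s", __func__,
 ret == 1 ? "correct" : ret == 0 ? "incorrect" : "error");
 return ret;
 }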
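Review bot: The `__func__` conversion in the signature-parsing hunk of ssh_dss_verify is incomplete: the third `fatal()` at new line 166, on the `sig->s = BN_new()` failure path, still hard-codes the function name while its siblings at new lines 162, 164 and 169 were switched to the `%s`/`__func__` form, so that one message would stop matching the others if the function were ever renamed. It should read `fatal("%s: BN_new failed", __func__);` to match the rest of the commit. The commit message says the same treatment was applied to ssh-rsa.c and ssh-ecdsa.c, which are not in this view, so it is worth checking those files for a similar leftover. Both ssh_dss_sign and ssh_dss_verify begin before their first hunk here, so the remaining error strings in those functions are not visible for review.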