diff options
| author | Damien Miller <djm@mindrot.org> | 2013-12-29 17:47:50 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2013-12-29 17:47:50 +1100 |
| commit | 3e19295c3a253c8dc8660cf45baad7f45fccb969 (patch) | |
| tree | e4c9f61c8391f3bce679cfa60f24c7c1c014cc02 /ssh-rsa.c | |
| parent | 137977180be6254639e2c90245763e6965f8d815 (diff) | |
- djm@cvs.openbsd.org 2013/12/27 22:30:17
[ssh-dss.c ssh-ecdsa.c ssh-rsa.c]
make the original RSA and DSA signing/verification code look more like
the ECDSA/Ed25519 ones: use key_type_plain() when checking the key type
rather than tediously listing all variants, use __func__ for debug/
error messages
Diffstat (limited to 'ssh-rsa.c')
| -rw-r--r-- | ssh-rsa.c | 39 |
1 files changed, 21 insertions, 18 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-rsa.c,v 1.46 2013/05/17 00:13:14 djm Exp $ */ | 1 | /* $OpenBSD: ssh-rsa.c,v 1.47 2013/12/27 22:30:17 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org> | 3 | * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org> |
| 4 | * | 4 | * |
| @@ -47,14 +47,15 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, | |||
| 47 | int ok, nid; | 47 | int ok, nid; |
| 48 | Buffer b; | 48 | Buffer b; |
| 49 | 49 | ||
| 50 | if (key == NULL || key->rsa == NULL || (key->type != KEY_RSA && | 50 | if (key == NULL || key_type_plain(key->type) != KEY_RSA || |
| 51 | key->type != KEY_RSA_CERT && key->type != KEY_RSA_CERT_V00)) { | 51 | key->rsa == NULL) { |
| 52 | error("ssh_rsa_sign: no RSA key"); | 52 | error("%s: no RSA key", __func__); |
| 53 | return -1; | 53 | return -1; |
| 54 | } | 54 | } |
| 55 | |||
| 55 | nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1; | 56 | nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1; |
| 56 | if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { | 57 | if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { |
| 57 | error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid); | 58 | error("%s: EVP_get_digestbynid %d failed", __func__, nid); |
| 58 | return -1; | 59 | return -1; |
| 59 | } | 60 | } |
| 60 | EVP_DigestInit(&md, evp_md); | 61 | EVP_DigestInit(&md, evp_md); |
| @@ -70,7 +71,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, | |||
| 70 | if (ok != 1) { | 71 | if (ok != 1) { |
| 71 | int ecode = ERR_get_error(); | 72 | int ecode = ERR_get_error(); |
| 72 | 73 | ||
| 73 | error("ssh_rsa_sign: RSA_sign failed: %s", | 74 | error("%s: RSA_sign failed: %s", __func__, |
| 74 | ERR_error_string(ecode, NULL)); | 75 | ERR_error_string(ecode, NULL)); |
| 75 | free(sig); | 76 | free(sig); |
| 76 | return -1; | 77 | return -1; |
| @@ -81,7 +82,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, | |||
| 81 | memmove(sig + diff, sig, len); | 82 | memmove(sig + diff, sig, len); |
| 82 | memset(sig, 0, diff); | 83 | memset(sig, 0, diff); |
| 83 | } else if (len > slen) { | 84 | } else if (len > slen) { |
| 84 | error("ssh_rsa_sign: slen %u slen2 %u", slen, len); | 85 | error("%s: slen %u slen2 %u", __func__, slen, len); |
| 85 | free(sig); | 86 | free(sig); |
| 86 | return -1; | 87 | return -1; |
| 87 | } | 88 | } |
| @@ -115,21 +116,23 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
| 115 | u_int len, dlen, modlen; | 116 | u_int len, dlen, modlen; |
| 116 | int rlen, ret, nid; | 117 | int rlen, ret, nid; |
| 117 | 118 | ||
| 118 | if (key == NULL || key->rsa == NULL || (key->type != KEY_RSA && | 119 | if (key == NULL || key_type_plain(key->type) != KEY_RSA || |
| 119 | key->type != KEY_RSA_CERT && key->type != KEY_RSA_CERT_V00)) { | 120 | key->rsa == NULL) { |
| 120 | error("ssh_rsa_verify: no RSA key"); | 121 | error("%s: no RSA key", __func__); |
| 121 | return -1; | 122 | return -1; |
| 122 | } | 123 | } |
| 124 | |||
| 123 | if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { | 125 | if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { |
| 124 | error("ssh_rsa_verify: RSA modulus too small: %d < minimum %d bits", | 126 | error("%s: RSA modulus too small: %d < minimum %d bits", |
| 125 | BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE); | 127 | __func__, BN_num_bits(key->rsa->n), |
| 128 | SSH_RSA_MINIMUM_MODULUS_SIZE); | ||
| 126 | return -1; | 129 | return -1; |
| 127 | } | 130 | } |
| 128 | buffer_init(&b); | 131 | buffer_init(&b); |
| 129 | buffer_append(&b, signature, signaturelen); | 132 | buffer_append(&b, signature, signaturelen); |
| 130 | ktype = buffer_get_cstring(&b, NULL); | 133 | ktype = buffer_get_cstring(&b, NULL); |
| 131 | if (strcmp("ssh-rsa", ktype) != 0) { | 134 | if (strcmp("ssh-rsa", ktype) != 0) { |
| 132 | error("ssh_rsa_verify: cannot handle type %s", ktype); | 135 | error("%s: cannot handle type %s", __func__, ktype); |
| 133 | buffer_free(&b); | 136 | buffer_free(&b); |
| 134 | free(ktype); | 137 | free(ktype); |
| 135 | return -1; | 138 | return -1; |
| @@ -139,19 +142,19 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
| 139 | rlen = buffer_len(&b); | 142 | rlen = buffer_len(&b); |
| 140 | buffer_free(&b); | 143 | buffer_free(&b); |
| 141 | if (rlen != 0) { | 144 | if (rlen != 0) { |
| 142 | error("ssh_rsa_verify: remaining bytes in signature %d", rlen); | 145 | error("%s: remaining bytes in signature %d", __func__, rlen); |
| 143 | free(sigblob); | 146 | free(sigblob); |
| 144 | return -1; | 147 | return -1; |
| 145 | } | 148 | } |
| 146 | /* RSA_verify expects a signature of RSA_size */ | 149 | /* RSA_verify expects a signature of RSA_size */ |
| 147 | modlen = RSA_size(key->rsa); | 150 | modlen = RSA_size(key->rsa); |
| 148 | if (len > modlen) { | 151 | if (len > modlen) { |
| 149 | error("ssh_rsa_verify: len %u > modlen %u", len, modlen); | 152 | error("%s: len %u > modlen %u", __func__, len, modlen); |
| 150 | free(sigblob); | 153 | free(sigblob); |
| 151 | return -1; | 154 | return -1; |
| 152 | } else if (len < modlen) { | 155 | } else if (len < modlen) { |
| 153 | u_int diff = modlen - len; | 156 | u_int diff = modlen - len; |
| 154 | debug("ssh_rsa_verify: add padding: modlen %u > len %u", | 157 | debug("%s: add padding: modlen %u > len %u", __func__, |
| 155 | modlen, len); | 158 | modlen, len); |
| 156 | sigblob = xrealloc(sigblob, 1, modlen); | 159 | sigblob = xrealloc(sigblob, 1, modlen); |
| 157 | memmove(sigblob + diff, sigblob, len); | 160 | memmove(sigblob + diff, sigblob, len); |
| @@ -160,7 +163,7 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
| 160 | } | 163 | } |
| 161 | nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1; | 164 | nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1; |
| 162 | if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { | 165 | if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { |
| 163 | error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid); | 166 | error("%s: EVP_get_digestbynid %d failed", __func__, nid); |
| 164 | free(sigblob); | 167 | free(sigblob); |
| 165 | return -1; | 168 | return -1; |
| 166 | } | 169 | } |
| @@ -172,7 +175,7 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
| 172 | memset(digest, 'd', sizeof(digest)); | 175 | memset(digest, 'd', sizeof(digest)); |
| 173 | memset(sigblob, 's', len); | 176 | memset(sigblob, 's', len); |
| 174 | free(sigblob); | 177 | free(sigblob); |
| 175 | debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : ""); | 178 | debug("%s: signature %scorrect", __func__, (ret == 0) ? "in" : ""); |
| 176 | return ret; | 179 | return ret; |
| 177 | } | 180 | } |
| 178 | 181 | ||