Diffstat (limited to 'ssh-dss.c')
-rw-r--r-- | ssh-dss.c | 57 |
1 files changed, 13 insertions, 44 deletions
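--- a/ssh-dss.c
+++ b/ssh-dss.c
@@ -23,7 +23,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-dss.c,v 1.6 2001/02/08 19:30:52 itojun Exp $");
+RCSID("$OpenBSD: ssh-dss.c,v 1.7 2001/06/06 23:13:54 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/evp.h>
@@ -45,15 +45,11 @@ ssh_dss_sign(
 u_char **sigp, int *lenp,
 u_char *data, int datalen)
 {
-u_char *digest;
-u_char *ret;
 DSA_SIG *sig;
 EVP_MD *evp_md = EVP_sha1();
 EVP_MD_CTX md;
-u_int rlen;
-u_int slen;
-u_int len, dlen;
-u_char sigblob[SIGBLOB_LEN];
+u_char *digest, *ret, sigblob[SIGBLOB_LEN];
+u_int rlen, slen, len, dlen;
 Buffer b;
 
 if (key == NULL || key->type != KEY_DSA || key->dsa == NULL) {
@@ -67,11 +63,13 @@ ssh_dss_sign(
 EVP_DigestFinal(&md, digest, NULL);
 
 sig = DSA_do_sign(digest, dlen, key->dsa);
-if (sig == NULL) {
-fatal("ssh_dss_sign: cannot sign");
-}
+
 memset(digest, 0, dlen);
 xfree(digest);
+if (sig == NULL) {
+error("ssh_dss_sign: sign failed");
+return -1;
+}
 
 rlen = BN_num_bytes(sig->r);
 slen = BN_num_bytes(sig->s);
@@ -80,15 +78,12 @@ ssh_dss_sign(
 DSA_SIG_free(sig);
 return -1;
 }
-debug("sig size %d %d", rlen, slen);
-
 memset(sigblob, 0, SIGBLOB_LEN);
 BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen);
 BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen);
 DSA_SIG_free(sig);
 
 if (datafellows & SSH_BUG_SIGBLOB) {
-debug("datafellows");
 ret = xmalloc(SIGBLOB_LEN);
 memcpy(ret, sigblob, SIGBLOB_LEN);
 if (lenp != NULL)
@@ -117,34 +112,19 @@ ssh_dss_verify(
 u_char *signature, int signaturelen,
 u_char *data, int datalen)
 {
-Buffer b;
-u_char *digest;
 DSA_SIG *sig;
 EVP_MD *evp_md = EVP_sha1();
 EVP_MD_CTX md;
-u_char *sigblob;
-char *txt;
+u_char *digest, *sigblob;
 u_int len, dlen;
-int rlen;
-int ret;
+int rlen, ret;
+Buffer b;
 
 if (key == NULL || key->type != KEY_DSA || key->dsa == NULL) {
 error("ssh_dss_verify: no DSA key");
 return -1;
 }
 
-if (!(datafellows & SSH_BUG_SIGBLOB) &&
-signaturelen == SIGBLOB_LEN) {
-datafellows |= ~SSH_BUG_SIGBLOB;
-log("autodetect SSH_BUG_SIGBLOB");
-} else if ((datafellows & SSH_BUG_SIGBLOB) &&
-signaturelen != SIGBLOB_LEN) {
-log("autoremove SSH_BUG_SIGBLOB");
-datafellows &= ~SSH_BUG_SIGBLOB;
-}
-
-debug("len %d datafellows %d", signaturelen, datafellows);
-
 /* fetch signature */
 if (datafellows & SSH_BUG_SIGBLOB) {
 sigblob = signature;
@@ -200,18 +180,7 @@ ssh_dss_verify(
 xfree(digest);
 DSA_SIG_free(sig);
 
-switch (ret) {
-case 1:
-txt = "correct";
-break;
-case 0:
-txt = "incorrect";
-break;
-case -1:
-default:
-txt = "error";
-break;
-}
-debug("ssh_dss_verify: signature %s", txt);
+debug("ssh_dss_verify: signature %s",
+ret == 1 ? "correct" : ret == 0 ? "incorrect" : "error");
 return ret;
 }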
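Review bot: The new `error("ssh_dss_sign: sign failed"); return -1;` path after `DSA_do_sign()` turns a signing failure from a process-ending `fatal()` into a return code, and on that path `*sigp` and `*lenp` are never written. A caller that ignores the result would go on to use an unset signature pointer and length. The callers are not visible on this page, so this needs checking against them. A defensive option is to clear the outputs before returning, e.g. `if (sigp != NULL) *sigp = NULL;` and `if (lenp != NULL) *lenp = 0;`. The same contract deserves a comment above `return ret;` in ssh_dss_verify, where `ret` can be -1 and would pass a plain truth test: `/* 1 = correct, 0 = incorrect, -1 = error; callers must test ret == 1 */`. Both function bodies start and continue outside the hunks shown.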