aboutsummaryrefslogtreecommitdiff
path: root/crypto/openssh/ssh-dss.c
diff options
context:
space:
mode:
authorDag-Erling Smørgrav <des@FreeBSD.org>2002-03-18 09:55:03 +0000
committerDag-Erling Smørgrav <des@FreeBSD.org>2002-03-18 09:55:03 +0000
commitae1f160d56b2d59d406f1af34cbdcc88a9e1b914 (patch)
tree7ac239d263df7247abaf6488a321dac17f2ebce9 /crypto/openssh/ssh-dss.c
parent1e8db6e2f63ea90b361b3bbc9ebe9990660cb596 (diff)
downloadsrc-ae1f160d56b2d59d406f1af34cbdcc88a9e1b914.tar.gz
src-ae1f160d56b2d59d406f1af34cbdcc88a9e1b914.zip
Vendor import of OpenSSH 3.1
Notes
Notes: svn path=/vendor-crypto/openssh/dist/; revision=92555
Diffstat (limited to 'crypto/openssh/ssh-dss.c')
-rw-r--r--crypto/openssh/ssh-dss.c104
1 files changed, 36 insertions, 68 deletions
diff --git a/crypto/openssh/ssh-dss.c b/crypto/openssh/ssh-dss.c
index adc8f983e092..02403f550afc 100644
--- a/crypto/openssh/ssh-dss.c
+++ b/crypto/openssh/ssh-dss.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-dss.c,v 1.6 2001/02/08 19:30:52 itojun Exp $");
+RCSID("$OpenBSD: ssh-dss.c,v 1.14 2002/02/28 15:46:33 markus Exp $");
#include <openssl/bn.h>
#include <openssl/evp.h>
@@ -42,36 +42,31 @@ RCSID("$OpenBSD: ssh-dss.c,v 1.6 2001/02/08 19:30:52 itojun Exp $");
int
ssh_dss_sign(
Key *key,
- u_char **sigp, int *lenp,
- u_char *data, int datalen)
+ u_char **sigp, u_int *lenp,
+ u_char *data, u_int datalen)
{
- u_char *digest;
- u_char *ret;
DSA_SIG *sig;
- EVP_MD *evp_md = EVP_sha1();
+ const EVP_MD *evp_md = EVP_sha1();
EVP_MD_CTX md;
- u_int rlen;
- u_int slen;
- u_int len, dlen;
- u_char sigblob[SIGBLOB_LEN];
+ u_char *ret, digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN];
+ u_int rlen, slen, len, dlen;
Buffer b;
if (key == NULL || key->type != KEY_DSA || key->dsa == NULL) {
error("ssh_dss_sign: no DSA key");
return -1;
}
- dlen = evp_md->md_size;
- digest = xmalloc(dlen);
EVP_DigestInit(&md, evp_md);
EVP_DigestUpdate(&md, data, datalen);
- EVP_DigestFinal(&md, digest, NULL);
+ EVP_DigestFinal(&md, digest, &dlen);
sig = DSA_do_sign(digest, dlen, key->dsa);
+ memset(digest, 'd', sizeof(digest));
+
if (sig == NULL) {
- fatal("ssh_dss_sign: cannot sign");
+ error("ssh_dss_sign: sign failed");
+ return -1;
}
- memset(digest, 0, dlen);
- xfree(digest);
rlen = BN_num_bytes(sig->r);
slen = BN_num_bytes(sig->s);
@@ -80,15 +75,12 @@ ssh_dss_sign(
DSA_SIG_free(sig);
return -1;
}
- debug("sig size %d %d", rlen, slen);
-
memset(sigblob, 0, SIGBLOB_LEN);
BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen);
BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen);
DSA_SIG_free(sig);
if (datafellows & SSH_BUG_SIGBLOB) {
- debug("datafellows");
ret = xmalloc(SIGBLOB_LEN);
memcpy(ret, sigblob, SIGBLOB_LEN);
if (lenp != NULL)
@@ -114,37 +106,22 @@ ssh_dss_sign(
int
ssh_dss_verify(
Key *key,
- u_char *signature, int signaturelen,
- u_char *data, int datalen)
+ u_char *signature, u_int signaturelen,
+ u_char *data, u_int datalen)
{
- Buffer b;
- u_char *digest;
DSA_SIG *sig;
- EVP_MD *evp_md = EVP_sha1();
+ const EVP_MD *evp_md = EVP_sha1();
EVP_MD_CTX md;
- u_char *sigblob;
- char *txt;
+ u_char digest[EVP_MAX_MD_SIZE], *sigblob;
u_int len, dlen;
- int rlen;
- int ret;
+ int rlen, ret;
+ Buffer b;
if (key == NULL || key->type != KEY_DSA || key->dsa == NULL) {
error("ssh_dss_verify: no DSA key");
return -1;
}
- if (!(datafellows & SSH_BUG_SIGBLOB) &&
- signaturelen == SIGBLOB_LEN) {
- datafellows |= ~SSH_BUG_SIGBLOB;
- log("autodetect SSH_BUG_SIGBLOB");
- } else if ((datafellows & SSH_BUG_SIGBLOB) &&
- signaturelen != SIGBLOB_LEN) {
- log("autoremove SSH_BUG_SIGBLOB");
- datafellows &= ~SSH_BUG_SIGBLOB;
- }
-
- debug("len %d datafellows %d", signaturelen, datafellows);
-
/* fetch signature */
if (datafellows & SSH_BUG_SIGBLOB) {
sigblob = signature;
@@ -153,22 +130,24 @@ ssh_dss_verify(
/* ietf-drafts */
char *ktype;
buffer_init(&b);
- buffer_append(&b, (char *) signature, signaturelen);
+ buffer_append(&b, signature, signaturelen);
ktype = buffer_get_string(&b, NULL);
if (strcmp("ssh-dss", ktype) != 0) {
error("ssh_dss_verify: cannot handle type %s", ktype);
buffer_free(&b);
+ xfree(ktype);
return -1;
}
- sigblob = (u_char *)buffer_get_string(&b, &len);
+ xfree(ktype);
+ sigblob = buffer_get_string(&b, &len);
rlen = buffer_len(&b);
- if(rlen != 0) {
- error("remaining bytes in signature %d", rlen);
- buffer_free(&b);
+ buffer_free(&b);
+ if (rlen != 0) {
+ error("ssh_dss_verify: "
+ "remaining bytes in signature %d", rlen);
+ xfree(sigblob);
return -1;
}
- buffer_free(&b);
- xfree(ktype);
}
if (len != SIGBLOB_LEN) {
@@ -176,9 +155,12 @@ ssh_dss_verify(
}
/* parse signature */
- sig = DSA_SIG_new();
- sig->r = BN_new();
- sig->s = BN_new();
+ if ((sig = DSA_SIG_new()) == NULL)
+ fatal("ssh_dss_verify: DSA_SIG_new failed");
+ if ((sig->r = BN_new()) == NULL)
+ fatal("ssh_dss_verify: BN_new failed");
+ if ((sig->s = BN_new()) == NULL)
+ fatal("ssh_dss_verify: BN_new failed");
BN_bin2bn(sigblob, INTBLOB_LEN, sig->r);
BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s);
@@ -188,30 +170,16 @@ ssh_dss_verify(
}
/* sha1 the data */
- dlen = evp_md->md_size;
- digest = xmalloc(dlen);
EVP_DigestInit(&md, evp_md);
EVP_DigestUpdate(&md, data, datalen);
- EVP_DigestFinal(&md, digest, NULL);
+ EVP_DigestFinal(&md, digest, &dlen);
ret = DSA_do_verify(digest, dlen, sig, key->dsa);
+ memset(digest, 'd', sizeof(digest));
- memset(digest, 0, dlen);
- xfree(digest);
DSA_SIG_free(sig);
- switch (ret) {
- case 1:
- txt = "correct";
- break;
- case 0:
- txt = "incorrect";
- break;
- case -1:
- default:
- txt = "error";
- break;
- }
- debug("ssh_dss_verify: signature %s", txt);
+ debug("ssh_dss_verify: signature %s",
+ ret == 1 ? "correct" : ret == 0 ? "incorrect" : "error");
return ret;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-22 11:54:37 +0000