version 1.28, 2013/05/17 00:13:14 |
version 1.29, 2013/12/27 22:30:17 |
|
|
u_int rlen, slen, len, dlen; |
u_int rlen, slen, len, dlen; |
Buffer b; |
Buffer b; |
|
|
if (key == NULL || key->dsa == NULL || (key->type != KEY_DSA && |
if (key == NULL || key_type_plain(key->type) != KEY_DSA || |
key->type != KEY_DSA_CERT && key->type != KEY_DSA_CERT_V00)) { |
key->dsa == NULL) { |
error("ssh_dss_sign: no DSA key"); |
error("%s: no DSA key", __func__); |
return -1; |
return -1; |
} |
} |
|
|
EVP_DigestInit(&md, evp_md); |
EVP_DigestInit(&md, evp_md); |
EVP_DigestUpdate(&md, data, datalen); |
EVP_DigestUpdate(&md, data, datalen); |
EVP_DigestFinal(&md, digest, &dlen); |
EVP_DigestFinal(&md, digest, &dlen); |
|
|
int rlen, ret; |
int rlen, ret; |
Buffer b; |
Buffer b; |
|
|
if (key == NULL || key->dsa == NULL || (key->type != KEY_DSA && |
if (key == NULL || key_type_plain(key->type) != KEY_DSA || |
key->type != KEY_DSA_CERT && key->type != KEY_DSA_CERT_V00)) { |
key->dsa == NULL) { |
error("ssh_dss_verify: no DSA key"); |
error("%s: no DSA key", __func__); |
return -1; |
return -1; |
} |
} |
|
|
|
|
buffer_append(&b, signature, signaturelen); |
buffer_append(&b, signature, signaturelen); |
ktype = buffer_get_cstring(&b, NULL); |
ktype = buffer_get_cstring(&b, NULL); |
if (strcmp("ssh-dss", ktype) != 0) { |
if (strcmp("ssh-dss", ktype) != 0) { |
error("ssh_dss_verify: cannot handle type %s", ktype); |
error("%s: cannot handle type %s", __func__, ktype); |
buffer_free(&b); |
buffer_free(&b); |
free(ktype); |
free(ktype); |
return -1; |
return -1; |
|
|
rlen = buffer_len(&b); |
rlen = buffer_len(&b); |
buffer_free(&b); |
buffer_free(&b); |
if (rlen != 0) { |
if (rlen != 0) { |
error("ssh_dss_verify: " |
error("%s: remaining bytes in signature %d", |
"remaining bytes in signature %d", rlen); |
__func__, rlen); |
free(sigblob); |
free(sigblob); |
return -1; |
return -1; |
} |
} |
|
|
|
|
/* parse signature */ |
/* parse signature */ |
if ((sig = DSA_SIG_new()) == NULL) |
if ((sig = DSA_SIG_new()) == NULL) |
fatal("ssh_dss_verify: DSA_SIG_new failed"); |
fatal("%s: DSA_SIG_new failed", __func__); |
if ((sig->r = BN_new()) == NULL) |
if ((sig->r = BN_new()) == NULL) |
fatal("ssh_dss_verify: BN_new failed"); |
fatal("%s: BN_new failed", __func__); |
if ((sig->s = BN_new()) == NULL) |
if ((sig->s = BN_new()) == NULL) |
fatal("ssh_dss_verify: BN_new failed"); |
fatal("ssh_dss_verify: BN_new failed"); |
if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) || |
if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) || |
(BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL)) |
(BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL)) |
fatal("ssh_dss_verify: BN_bin2bn failed"); |
fatal("%s: BN_bin2bn failed", __func__); |
|
|
/* clean up */ |
/* clean up */ |
memset(sigblob, 0, len); |
memset(sigblob, 0, len); |
|
|
|
|
DSA_SIG_free(sig); |
DSA_SIG_free(sig); |
|
|
debug("ssh_dss_verify: signature %s", |
debug("%s: signature %s", __func__, |
ret == 1 ? "correct" : ret == 0 ? "incorrect" : "error"); |
ret == 1 ? "correct" : ret == 0 ? "incorrect" : "error"); |
return ret; |
return ret; |
} |
} |
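Review bot: One message in the verify path was missed by the `__func__` conversion: the failure branch for the second `BN_new()` (the `sig->s` allocation) still reads `fatal("ssh_dss_verify: BN_new failed");` on both sides, while the `sig->r` branch directly above it now uses `__func__`. For consistency it should be `fatal("%s: BN_new failed", __func__);`, so the log prefix stays uniform and survives a rename. Separately, the unchanged `memset(sigblob, 0, len);` under `/* clean up */` is a plain memset; if the buffer is freed right afterwards (the free is not visible in this view), the compiler may elide the wipe, so `explicit_bzero(sigblob, len);` would be the safer form. Both function bodies start outside the lines shown here.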