| version 1.28, 2013/05/17 00:13:14 |
version 1.29, 2013/12/27 22:30:17 |
|
|
| u_int rlen, slen, len, dlen; |
u_int rlen, slen, len, dlen; |
| Buffer b; |
Buffer b; |
| |
|
| if (key == NULL || key->dsa == NULL || (key->type != KEY_DSA && |
if (key == NULL || key_type_plain(key->type) != KEY_DSA || |
| key->type != KEY_DSA_CERT && key->type != KEY_DSA_CERT_V00)) { |
key->dsa == NULL) { |
| error("ssh_dss_sign: no DSA key"); |
error("%s: no DSA key", __func__); |
| return -1; |
return -1; |
| } |
} |
| |
|
| EVP_DigestInit(&md, evp_md); |
EVP_DigestInit(&md, evp_md); |
| EVP_DigestUpdate(&md, data, datalen); |
EVP_DigestUpdate(&md, data, datalen); |
| EVP_DigestFinal(&md, digest, &dlen); |
EVP_DigestFinal(&md, digest, &dlen); |
|
|
| int rlen, ret; |
int rlen, ret; |
| Buffer b; |
Buffer b; |
| |
|
| if (key == NULL || key->dsa == NULL || (key->type != KEY_DSA && |
if (key == NULL || key_type_plain(key->type) != KEY_DSA || |
| key->type != KEY_DSA_CERT && key->type != KEY_DSA_CERT_V00)) { |
key->dsa == NULL) { |
| error("ssh_dss_verify: no DSA key"); |
error("%s: no DSA key", __func__); |
| return -1; |
return -1; |
| } |
} |
| |
|
|
|
| buffer_append(&b, signature, signaturelen); |
buffer_append(&b, signature, signaturelen); |
| ktype = buffer_get_cstring(&b, NULL); |
ktype = buffer_get_cstring(&b, NULL); |
| if (strcmp("ssh-dss", ktype) != 0) { |
if (strcmp("ssh-dss", ktype) != 0) { |
| error("ssh_dss_verify: cannot handle type %s", ktype); |
error("%s: cannot handle type %s", __func__, ktype); |
| buffer_free(&b); |
buffer_free(&b); |
| free(ktype); |
free(ktype); |
| return -1; |
return -1; |
|
|
| rlen = buffer_len(&b); |
rlen = buffer_len(&b); |
| buffer_free(&b); |
buffer_free(&b); |
| if (rlen != 0) { |
if (rlen != 0) { |
| error("ssh_dss_verify: " |
error("%s: remaining bytes in signature %d", |
| "remaining bytes in signature %d", rlen); |
__func__, rlen); |
| free(sigblob); |
free(sigblob); |
| return -1; |
return -1; |
| } |
} |
|
|
| |
|
| /* parse signature */ |
/* parse signature */ |
| if ((sig = DSA_SIG_new()) == NULL) |
if ((sig = DSA_SIG_new()) == NULL) |
| fatal("ssh_dss_verify: DSA_SIG_new failed"); |
fatal("%s: DSA_SIG_new failed", __func__); |
| if ((sig->r = BN_new()) == NULL) |
if ((sig->r = BN_new()) == NULL) |
| fatal("ssh_dss_verify: BN_new failed"); |
fatal("%s: BN_new failed", __func__); |
| if ((sig->s = BN_new()) == NULL) |
if ((sig->s = BN_new()) == NULL) |
| fatal("ssh_dss_verify: BN_new failed"); |
fatal("ssh_dss_verify: BN_new failed"); |
| if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) || |
if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) || |
| (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL)) |
(BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL)) |
| fatal("ssh_dss_verify: BN_bin2bn failed"); |
fatal("%s: BN_bin2bn failed", __func__); |
| |
|
| /* clean up */ |
/* clean up */ |
| memset(sigblob, 0, len); |
memset(sigblob, 0, len); |
|
|
| |
|
| DSA_SIG_free(sig); |
DSA_SIG_free(sig); |
| |
|
| debug("ssh_dss_verify: signature %s", |
debug("%s: signature %s", __func__, |
| ret == 1 ? "correct" : ret == 0 ? "incorrect" : "error"); |
ret == 1 ? "correct" : ret == 0 ? "incorrect" : "error"); |
| return ret; |
return ret; |
| } |
} |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-dss.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh