src/usr.bin/ssh/ssh-dss.c - diff

Return to ssh-dss.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/ssh-dss.c between version 1.8 and 1.8.2.4

version 1.8, 2001/09/17 19:27:15

version 1.8.2.4, 2002/10/11 14:53:07

Line 40

#define SIGBLOB_LEN (2*INTBLOB_LEN)

int

ssh_dss_sign(

ssh_dss_sign(Key *key, u_char **sigp, u_int *lenp,

Key *key,

u_char *data, u_int datalen)

u_char **sigp, int *lenp,

u_char *data, int datalen)

{

DSA_SIG *sig;

EVP_MD *evp_md = EVP_sha1();

const EVP_MD *evp_md = EVP_sha1();

EVP_MD_CTX md;

u_char *digest, *ret, sigblob[SIGBLOB_LEN];

u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN];

u_int rlen, slen, len, dlen;

Buffer b;

Line 56

Line 54

error("ssh_dss_sign: no DSA key");

return -1;

}

dlen = evp_md->md_size;

digest = xmalloc(dlen);

EVP_DigestInit(&md, evp_md);

EVP_DigestUpdate(&md, data, datalen);

EVP_DigestFinal(&md, digest, NULL);

EVP_DigestFinal(&md, digest, &dlen);

sig = DSA_do_sign(digest, dlen, key->dsa);

memset(digest, 'd', sizeof(digest));

memset(digest, 0, dlen);

xfree(digest);

if (sig == NULL) {

error("ssh_dss_sign: sign failed");

return -1;

Line 74

Line 69

rlen = BN_num_bytes(sig->r);

slen = BN_num_bytes(sig->s);

if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) {

error("bad sig size %d %d", rlen, slen);

error("bad sig size %u %u", rlen, slen);

DSA_SIG_free(sig);

return -1;

}

Line 84

Line 79

DSA_SIG_free(sig);

if (datafellows & SSH_BUG_SIGBLOB) {

ret = xmalloc(SIGBLOB_LEN);

memcpy(ret, sigblob, SIGBLOB_LEN);

if (lenp != NULL)

*lenp = SIGBLOB_LEN;

if (sigp != NULL)

if (sigp != NULL) {

*sigp = ret;

*sigp = xmalloc(SIGBLOB_LEN);

memcpy(*sigp, sigblob, SIGBLOB_LEN);

}

} else {

/* ietf-drafts */

buffer_init(&b);

buffer_put_cstring(&b, "ssh-dss");

buffer_put_string(&b, sigblob, SIGBLOB_LEN);

len = buffer_len(&b);

ret = xmalloc(len);

memcpy(ret, buffer_ptr(&b), len);

buffer_free(&b);

if (lenp != NULL)

*lenp = len;

if (sigp != NULL)

if (sigp != NULL) {

*sigp = ret;

*sigp = xmalloc(len);

memcpy(*sigp, buffer_ptr(&b), len);

}

buffer_free(&b);

}

return 0;

}

int

ssh_dss_verify(

ssh_dss_verify(Key *key, u_char *signature, u_int signaturelen,

Key *key,

u_char *data, u_int datalen)

u_char *signature, int signaturelen,

u_char *data, int datalen)

{

DSA_SIG *sig;

EVP_MD *evp_md = EVP_sha1();

const EVP_MD *evp_md = EVP_sha1();

EVP_MD_CTX md;

u_char *digest, *sigblob;

u_char digest[EVP_MAX_MD_SIZE], *sigblob;

u_int len, dlen;

int rlen, ret;

Buffer b;

Line 138

Line 131

if (strcmp("ssh-dss", ktype) != 0) {

error("ssh_dss_verify: cannot handle type %s", ktype);

buffer_free(&b);

xfree(ktype);

return -1;

}

xfree(ktype);

sigblob = buffer_get_string(&b, &len);

rlen = buffer_len(&b);

if(rlen != 0) {

buffer_free(&b);

error("remaining bytes in signature %d", rlen);

if (rlen != 0) {

buffer_free(&b);

error("ssh_dss_verify: "

"remaining bytes in signature %d", rlen);

xfree(sigblob);

return -1;

}

buffer_free(&b);

xfree(ktype);

}

if (len != SIGBLOB_LEN) {

fatal("bad sigbloblen %d != SIGBLOB_LEN", len);

fatal("bad sigbloblen %u != SIGBLOB_LEN", len);

}

/* parse signature */

sig = DSA_SIG_new();

if ((sig = DSA_SIG_new()) == NULL)

sig->r = BN_new();

fatal("ssh_dss_verify: DSA_SIG_new failed");

sig->s = BN_new();

if ((sig->r = BN_new()) == NULL)

fatal("ssh_dss_verify: BN_new failed");

if ((sig->s = BN_new()) == NULL)

fatal("ssh_dss_verify: BN_new failed");

BN_bin2bn(sigblob, INTBLOB_LEN, sig->r);

BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s);

Line 168

Line 166

}

/* sha1 the data */

dlen = evp_md->md_size;

digest = xmalloc(dlen);

EVP_DigestInit(&md, evp_md);

EVP_DigestUpdate(&md, data, datalen);

EVP_DigestFinal(&md, digest, NULL);

EVP_DigestFinal(&md, digest, &dlen);

ret = DSA_do_verify(digest, dlen, sig, key->dsa);

memset(digest, 'd', sizeof(digest));

memset(digest, 0, dlen);

xfree(digest);

DSA_SIG_free(sig);

debug("ssh_dss_verify: signature %s",