version 1.45, 2010/08/31 09:58:37 |
version 1.46, 2013/05/17 00:13:14 |
|
|
|
|
error("ssh_rsa_sign: RSA_sign failed: %s", |
error("ssh_rsa_sign: RSA_sign failed: %s", |
ERR_error_string(ecode, NULL)); |
ERR_error_string(ecode, NULL)); |
xfree(sig); |
free(sig); |
return -1; |
return -1; |
} |
} |
if (len < slen) { |
if (len < slen) { |
|
|
memset(sig, 0, diff); |
memset(sig, 0, diff); |
} else if (len > slen) { |
} else if (len > slen) { |
error("ssh_rsa_sign: slen %u slen2 %u", slen, len); |
error("ssh_rsa_sign: slen %u slen2 %u", slen, len); |
xfree(sig); |
free(sig); |
return -1; |
return -1; |
} |
} |
/* encode signature */ |
/* encode signature */ |
|
|
} |
} |
buffer_free(&b); |
buffer_free(&b); |
memset(sig, 's', slen); |
memset(sig, 's', slen); |
xfree(sig); |
free(sig); |
|
|
return 0; |
return 0; |
} |
} |
|
|
if (strcmp("ssh-rsa", ktype) != 0) { |
if (strcmp("ssh-rsa", ktype) != 0) { |
error("ssh_rsa_verify: cannot handle type %s", ktype); |
error("ssh_rsa_verify: cannot handle type %s", ktype); |
buffer_free(&b); |
buffer_free(&b); |
xfree(ktype); |
free(ktype); |
return -1; |
return -1; |
} |
} |
xfree(ktype); |
free(ktype); |
sigblob = buffer_get_string(&b, &len); |
sigblob = buffer_get_string(&b, &len); |
rlen = buffer_len(&b); |
rlen = buffer_len(&b); |
buffer_free(&b); |
buffer_free(&b); |
if (rlen != 0) { |
if (rlen != 0) { |
error("ssh_rsa_verify: remaining bytes in signature %d", rlen); |
error("ssh_rsa_verify: remaining bytes in signature %d", rlen); |
xfree(sigblob); |
free(sigblob); |
return -1; |
return -1; |
} |
} |
/* RSA_verify expects a signature of RSA_size */ |
/* RSA_verify expects a signature of RSA_size */ |
modlen = RSA_size(key->rsa); |
modlen = RSA_size(key->rsa); |
if (len > modlen) { |
if (len > modlen) { |
error("ssh_rsa_verify: len %u > modlen %u", len, modlen); |
error("ssh_rsa_verify: len %u > modlen %u", len, modlen); |
xfree(sigblob); |
free(sigblob); |
return -1; |
return -1; |
} else if (len < modlen) { |
} else if (len < modlen) { |
u_int diff = modlen - len; |
u_int diff = modlen - len; |
|
|
nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1; |
nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1; |
if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { |
if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { |
error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid); |
error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid); |
xfree(sigblob); |
free(sigblob); |
return -1; |
return -1; |
} |
} |
EVP_DigestInit(&md, evp_md); |
EVP_DigestInit(&md, evp_md); |
|
|
ret = openssh_RSA_verify(nid, digest, dlen, sigblob, len, key->rsa); |
ret = openssh_RSA_verify(nid, digest, dlen, sigblob, len, key->rsa); |
memset(digest, 'd', sizeof(digest)); |
memset(digest, 'd', sizeof(digest)); |
memset(sigblob, 's', len); |
memset(sigblob, 's', len); |
xfree(sigblob); |
free(sigblob); |
debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : ""); |
debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : ""); |
return ret; |
return ret; |
} |
} |
|
|
} |
} |
ret = 1; |
ret = 1; |
done: |
done: |
if (decrypted) |
free(decrypted); |
xfree(decrypted); |
|
return ret; |
return ret; |
} |
} |