| version 1.46, 2013/05/17 00:13:14 |
version 1.47, 2013/12/27 22:30:17 |
|
|
| int ok, nid; |
int ok, nid; |
| Buffer b; |
Buffer b; |
| |
|
| if (key == NULL || key->rsa == NULL || (key->type != KEY_RSA && |
if (key == NULL || key_type_plain(key->type) != KEY_RSA || |
| key->type != KEY_RSA_CERT && key->type != KEY_RSA_CERT_V00)) { |
key->rsa == NULL) { |
| error("ssh_rsa_sign: no RSA key"); |
error("%s: no RSA key", __func__); |
| return -1; |
return -1; |
| } |
} |
| |
|
| nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1; |
nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1; |
| if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { |
if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { |
| error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid); |
error("%s: EVP_get_digestbynid %d failed", __func__, nid); |
| return -1; |
return -1; |
| } |
} |
| EVP_DigestInit(&md, evp_md); |
EVP_DigestInit(&md, evp_md); |
|
|
| if (ok != 1) { |
if (ok != 1) { |
| int ecode = ERR_get_error(); |
int ecode = ERR_get_error(); |
| |
|
| error("ssh_rsa_sign: RSA_sign failed: %s", |
error("%s: RSA_sign failed: %s", __func__, |
| ERR_error_string(ecode, NULL)); |
ERR_error_string(ecode, NULL)); |
| free(sig); |
free(sig); |
| return -1; |
return -1; |
|
|
| memmove(sig + diff, sig, len); |
memmove(sig + diff, sig, len); |
| memset(sig, 0, diff); |
memset(sig, 0, diff); |
| } else if (len > slen) { |
} else if (len > slen) { |
| error("ssh_rsa_sign: slen %u slen2 %u", slen, len); |
error("%s: slen %u slen2 %u", __func__, slen, len); |
| free(sig); |
free(sig); |
| return -1; |
return -1; |
| } |
} |
|
|
| u_int len, dlen, modlen; |
u_int len, dlen, modlen; |
| int rlen, ret, nid; |
int rlen, ret, nid; |
| |
|
| if (key == NULL || key->rsa == NULL || (key->type != KEY_RSA && |
if (key == NULL || key_type_plain(key->type) != KEY_RSA || |
| key->type != KEY_RSA_CERT && key->type != KEY_RSA_CERT_V00)) { |
key->rsa == NULL) { |
| error("ssh_rsa_verify: no RSA key"); |
error("%s: no RSA key", __func__); |
| return -1; |
return -1; |
| } |
} |
| |
|
| if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { |
if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { |
| error("ssh_rsa_verify: RSA modulus too small: %d < minimum %d bits", |
error("%s: RSA modulus too small: %d < minimum %d bits", |
| BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE); |
__func__, BN_num_bits(key->rsa->n), |
| |
SSH_RSA_MINIMUM_MODULUS_SIZE); |
| return -1; |
return -1; |
| } |
} |
| buffer_init(&b); |
buffer_init(&b); |
| buffer_append(&b, signature, signaturelen); |
buffer_append(&b, signature, signaturelen); |
| ktype = buffer_get_cstring(&b, NULL); |
ktype = buffer_get_cstring(&b, NULL); |
| if (strcmp("ssh-rsa", ktype) != 0) { |
if (strcmp("ssh-rsa", ktype) != 0) { |
| error("ssh_rsa_verify: cannot handle type %s", ktype); |
error("%s: cannot handle type %s", __func__, ktype); |
| buffer_free(&b); |
buffer_free(&b); |
| free(ktype); |
free(ktype); |
| return -1; |
return -1; |
|
|
| rlen = buffer_len(&b); |
rlen = buffer_len(&b); |
| buffer_free(&b); |
buffer_free(&b); |
| if (rlen != 0) { |
if (rlen != 0) { |
| error("ssh_rsa_verify: remaining bytes in signature %d", rlen); |
error("%s: remaining bytes in signature %d", __func__, rlen); |
| free(sigblob); |
free(sigblob); |
| return -1; |
return -1; |
| } |
} |
| /* RSA_verify expects a signature of RSA_size */ |
/* RSA_verify expects a signature of RSA_size */ |
| modlen = RSA_size(key->rsa); |
modlen = RSA_size(key->rsa); |
| if (len > modlen) { |
if (len > modlen) { |
| error("ssh_rsa_verify: len %u > modlen %u", len, modlen); |
error("%s: len %u > modlen %u", __func__, len, modlen); |
| free(sigblob); |
free(sigblob); |
| return -1; |
return -1; |
| } else if (len < modlen) { |
} else if (len < modlen) { |
| u_int diff = modlen - len; |
u_int diff = modlen - len; |
| debug("ssh_rsa_verify: add padding: modlen %u > len %u", |
debug("%s: add padding: modlen %u > len %u", __func__, |
| modlen, len); |
modlen, len); |
| sigblob = xrealloc(sigblob, 1, modlen); |
sigblob = xrealloc(sigblob, 1, modlen); |
| memmove(sigblob + diff, sigblob, len); |
memmove(sigblob + diff, sigblob, len); |
|
|
| } |
} |
| nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1; |
nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1; |
| if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { |
if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { |
| error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid); |
error("%s: EVP_get_digestbynid %d failed", __func__, nid); |
| free(sigblob); |
free(sigblob); |
| return -1; |
return -1; |
| } |
} |
|
|
| memset(digest, 'd', sizeof(digest)); |
memset(digest, 'd', sizeof(digest)); |
| memset(sigblob, 's', len); |
memset(sigblob, 's', len); |
| free(sigblob); |
free(sigblob); |
| debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : ""); |
debug("%s: signature %scorrect", __func__, (ret == 0) ? "in" : ""); |
| return ret; |
return ret; |
| } |
} |
| |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-rsa.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh