| version 1.62, 2017/07/01 13:50:45 |
version 1.63, 2017/12/18 02:25:15 |
|
|
| |
|
| int |
int |
| ssh_rsa_verify(const struct sshkey *key, |
ssh_rsa_verify(const struct sshkey *key, |
| const u_char *sig, size_t siglen, const u_char *data, size_t datalen) |
const u_char *sig, size_t siglen, const u_char *data, size_t datalen, |
| |
const char *alg) |
| { |
{ |
| char *ktype = NULL; |
char *sigtype = NULL; |
| int hash_alg, ret = SSH_ERR_INTERNAL_ERROR; |
int hash_alg, ret = SSH_ERR_INTERNAL_ERROR; |
| size_t len, diff, modlen, dlen; |
size_t len, diff, modlen, dlen; |
| struct sshbuf *b = NULL; |
struct sshbuf *b = NULL; |
|
|
| |
|
| if ((b = sshbuf_from(sig, siglen)) == NULL) |
if ((b = sshbuf_from(sig, siglen)) == NULL) |
| return SSH_ERR_ALLOC_FAIL; |
return SSH_ERR_ALLOC_FAIL; |
| if (sshbuf_get_cstring(b, &ktype, NULL) != 0) { |
if (sshbuf_get_cstring(b, &sigtype, NULL) != 0) { |
| ret = SSH_ERR_INVALID_FORMAT; |
ret = SSH_ERR_INVALID_FORMAT; |
| goto out; |
goto out; |
| } |
} |
| if ((hash_alg = rsa_hash_alg_from_ident(ktype)) == -1) { |
/* XXX djm: need cert types that reliably yield SHA-2 signatures */ |
| |
if (alg != NULL && strcmp(alg, sigtype) != 0 && |
| |
strcmp(alg, "ssh-rsa-cert-v01@openssh.com") != 0) { |
| |
ret = SSH_ERR_SIGNATURE_INVALID; |
| |
goto out; |
| |
} |
| |
if ((hash_alg = rsa_hash_alg_from_ident(sigtype)) == -1) { |
| ret = SSH_ERR_KEY_TYPE_MISMATCH; |
ret = SSH_ERR_KEY_TYPE_MISMATCH; |
| goto out; |
goto out; |
| } |
} |
|
|
| explicit_bzero(sigblob, len); |
explicit_bzero(sigblob, len); |
| free(sigblob); |
free(sigblob); |
| } |
} |
| free(ktype); |
free(sigtype); |
| sshbuf_free(b); |
sshbuf_free(b); |
| explicit_bzero(digest, sizeof(digest)); |
explicit_bzero(digest, sizeof(digest)); |
| return ret; |
return ret; |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-rsa.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh