version 1.62, 2017/07/01 13:50:45 |
version 1.63, 2017/12/18 02:25:15 |
|
|
|
|
int |
int |
ssh_rsa_verify(const struct sshkey *key, |
ssh_rsa_verify(const struct sshkey *key, |
const u_char *sig, size_t siglen, const u_char *data, size_t datalen) |
const u_char *sig, size_t siglen, const u_char *data, size_t datalen, |
|
const char *alg) |
{ |
{ |
char *ktype = NULL; |
char *sigtype = NULL; |
int hash_alg, ret = SSH_ERR_INTERNAL_ERROR; |
int hash_alg, ret = SSH_ERR_INTERNAL_ERROR; |
size_t len, diff, modlen, dlen; |
size_t len, diff, modlen, dlen; |
struct sshbuf *b = NULL; |
struct sshbuf *b = NULL; |
|
|
|
|
if ((b = sshbuf_from(sig, siglen)) == NULL) |
if ((b = sshbuf_from(sig, siglen)) == NULL) |
return SSH_ERR_ALLOC_FAIL; |
return SSH_ERR_ALLOC_FAIL; |
if (sshbuf_get_cstring(b, &ktype, NULL) != 0) { |
if (sshbuf_get_cstring(b, &sigtype, NULL) != 0) { |
ret = SSH_ERR_INVALID_FORMAT; |
ret = SSH_ERR_INVALID_FORMAT; |
goto out; |
goto out; |
} |
} |
if ((hash_alg = rsa_hash_alg_from_ident(ktype)) == -1) { |
/* XXX djm: need cert types that reliably yield SHA-2 signatures */ |
|
if (alg != NULL && strcmp(alg, sigtype) != 0 && |
|
strcmp(alg, "ssh-rsa-cert-v01@openssh.com") != 0) { |
|
ret = SSH_ERR_SIGNATURE_INVALID; |
|
goto out; |
|
} |
|
if ((hash_alg = rsa_hash_alg_from_ident(sigtype)) == -1) { |
ret = SSH_ERR_KEY_TYPE_MISMATCH; |
ret = SSH_ERR_KEY_TYPE_MISMATCH; |
goto out; |
goto out; |
} |
} |
|
|
explicit_bzero(sigblob, len); |
explicit_bzero(sigblob, len); |
free(sigblob); |
free(sigblob); |
} |
} |
free(ktype); |
free(sigtype); |
sshbuf_free(b); |
sshbuf_free(b); |
explicit_bzero(digest, sizeof(digest)); |
explicit_bzero(digest, sizeof(digest)); |
return ret; |
return ret; |