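--- a/ssh-rsa.c	(204917)
+++ b/ssh-rsa.c	(215116)
@@ -1,9 +1,9 @@
-/* $OpenBSD: ssh-rsa.c,v 1.40 2010/02/26 20:29:54 djm Exp $ */
+/* $OpenBSD: ssh-rsa.c,v 1.44 2010/07/16 14:07:35 djm Exp $ */
 /*
  * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
@@ -25,35 +25,35 @@
 #include <stdarg.h>
 #include <string.h>
 
 #include "xmalloc.h"
 #include "log.h"
 #include "buffer.h"
 #include "key.h"
 #include "compat.h"
+#include "misc.h"
 #include "ssh.h"
 
 static int openssh_RSA_verify(int, u_char *, u_int, u_char *, u_int, RSA *);
 
 /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
 int
 ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp,
  const u_char *data, u_int datalen)
 {
  const EVP_MD *evp_md;
  EVP_MD_CTX md;
  u_char digest[EVP_MAX_MD_SIZE], *sig;
  u_int slen, dlen, len;
  int ok, nid;
  Buffer b;
 
- if (key == NULL ||
- (key->type != KEY_RSA && key->type != KEY_RSA_CERT) ||
- key->rsa == NULL) {
+ if (key == NULL || key->rsa == NULL || (key->type != KEY_RSA &&
+ key->type != KEY_RSA_CERT && key->type != KEY_RSA_CERT_V00)) {
  error("ssh_rsa_sign: no RSA key");
  return -1;
  }
  nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1;
  if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
  error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid);
  return -1;
  }
@@ -110,19 +110,18 @@
  Buffer b;
  const EVP_MD *evp_md;
  EVP_MD_CTX md;
  char *ktype;
  u_char digest[EVP_MAX_MD_SIZE], *sigblob;
  u_int len, dlen, modlen;
  int rlen, ret, nid;
 
- if (key == NULL ||
- (key->type != KEY_RSA && key->type != KEY_RSA_CERT) ||
- key->rsa == NULL) {
+ if (key == NULL || key->rsa == NULL || (key->type != KEY_RSA &&
+ key->type != KEY_RSA_CERT && key->type != KEY_RSA_CERT_V00)) {
  error("ssh_rsa_verify: no RSA key");
  return -1;
  }
  if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
  error("ssh_rsa_verify: RSA modulus too small: %d < minimum %d bits",
  BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE);
  return -1;
  }
@@ -207,17 +206,17 @@
  0x04, 0x10 /* Octet string, length 0x10 (16), followed by md5 hash */
 };
 
 static int
 openssh_RSA_verify(int type, u_char *hash, u_int hashlen,
  u_char *sigbuf, u_int siglen, RSA *rsa)
 {
  u_int ret, rsasize, oidlen = 0, hlen = 0;
- int len;
+ int len, oidmatch, hashmatch;
  const u_char *oid = NULL;
  u_char *decrypted = NULL;
 
  ret = 0;
  switch (type) {
  case NID_sha1:
  oid = id_sha1;
  oidlen = sizeof(id_sha1);
@@ -246,22 +245,24 @@
  error("RSA_public_decrypt failed: %s",
  ERR_error_string(ERR_get_error(), NULL));
  goto done;
  }
  if (len < 0 || (u_int)len != hlen + oidlen) {
  error("bad decrypted len: %d != %d + %d", len, hlen, oidlen);
  goto done;
  }
- if (memcmp(decrypted, oid, oidlen) != 0) {
+ oidmatch = timingsafe_bcmp(decrypted, oid, oidlen) == 0;
+ hashmatch = timingsafe_bcmp(decrypted + oidlen, hash, hlen) == 0;
+ if (!oidmatch) {
  error("oid mismatch");
  goto done;
  }
- if (memcmp(decrypted + oidlen, hash, hlen) != 0) {
+ if (!hashmatch) {
  error("hash mismatch");
  goto done;
  }
  ret = 1;
 done:
  if (decrypted)
  xfree(decrypted);
  return ret;
 }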
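Review bot: The oid and hash results in openssh_RSA_verify still leave through two separate branches with different messages (`oid mismatch` / `hash mismatch`), so although both `timingsafe_bcmp` calls now run unconditionally, the branch taken and the log line still show which part of the decrypted block failed. Both flags are already computed at that point, so one combined test would remove the distinction: `if (!oidmatch || !hashmatch) { error("signature mismatch"); goto done; }` (the message text is only a suggestion). A short comment above the two assignments, such as `/* compare both parts before branching; do not fold back into early-exit memcmp checks */`, would also record why the comparisons are hoisted. Part of the function body between the `switch` and the `RSA_public_decrypt` error path is hidden on this page, so this is based on the visible lines only.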