shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-09 18:04:25 +09:00
Code Issues Packages Projects Releases Wiki Activity

pki_crypto: Store raw RSA signature in ssh_signature

Browse Source 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Anderson Toshiyuki Sasaki
2019-04-30 11:15:55 +02:00
committed by Andreas Schneider
parent 0ea9e39e81
commit ba67555764
1 changed files with 16 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
src/pki_crypto.c
View File

@@ -1535,7 +1535,7 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
break; break;
case SSH_KEYTYPE_RSA: case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1: case SSH_KEYTYPE_RSA1:
sig_blob = ssh_string_copy(sig->rsa_sig); sig_blob = ssh_string_copy(sig->raw_sig);
break; break;
case SSH_KEYTYPE_ED25519: case SSH_KEYTYPE_ED25519:
sig_blob = pki_ed25519_sig_to_blob(sig); sig_blob = pki_ed25519_sig_to_blob(sig);
@@ -1588,7 +1588,7 @@ static int pki_signature_from_rsa_blob(const ssh_key pubkey,
#endif #endif
if (len == rsalen) { if (len == rsalen) {
sig->rsa_sig = ssh_string_copy(sig_blob); sig->raw_sig = ssh_string_copy(sig_blob);
} else { } else {
/* pad the blob to the expected rsalen size */ /* pad the blob to the expected rsalen size */
SSH_LOG(SSH_LOG_DEBUG, SSH_LOG(SSH_LOG_DEBUG,
@@ -1611,7 +1611,7 @@ static int pki_signature_from_rsa_blob(const ssh_key pubkey,
/* fill the rest with the actual signature blob */ /* fill the rest with the actual signature blob */
memcpy(blob_padded_data + pad_len, blob_orig, len); memcpy(blob_padded_data + pad_len, blob_orig, len);
sig->rsa_sig = sig_blob_padded; sig->raw_sig = sig_blob_padded;
} }
return SSH_OK; return SSH_OK;
@@ -1865,6 +1865,9 @@ int pki_signature_verify(ssh_session session,
unsigned char hash[SHA512_DIGEST_LEN] = {0}; unsigned char hash[SHA512_DIGEST_LEN] = {0};
uint32_t hlen = 0; uint32_t hlen = 0;
const unsigned char *raw_sig_data = ssh_string_data(sig->raw_sig);
size_t raw_sig_len = ssh_string_len(sig->raw_sig);
if (ssh_key_type_plain(key->type) != sig->type) { if (ssh_key_type_plain(key->type) != sig->type) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_WARN,
"Can not verify %s signature with %s key", "Can not verify %s signature with %s key",
@@ -1934,11 +1937,17 @@ int pki_signature_verify(ssh_session session,
case SSH_KEYTYPE_RSA: case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1: case SSH_KEYTYPE_RSA1:
case SSH_KEYTYPE_RSA_CERT01: case SSH_KEYTYPE_RSA_CERT01:
if (raw_sig_data == NULL) {
SSH_LOG(SSH_LOG_WARN,
"NULL raw signature found in provided signature");
return SSH_ERROR;
}
rc = RSA_verify(nid, rc = RSA_verify(nid,
hash, hash,
hlen, hlen,
ssh_string_data(sig->rsa_sig), raw_sig_data,
ssh_string_len(sig->rsa_sig), raw_sig_len,
key->rsa); key->rsa);
if (rc <= 0) { if (rc <= 0) {
SSH_LOG(SSH_LOG_TRACE, "RSA verify failed"); SSH_LOG(SSH_LOG_TRACE, "RSA verify failed");
@@ -2016,8 +2025,8 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
break; break;
case SSH_KEYTYPE_RSA: case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1: case SSH_KEYTYPE_RSA1:
sig->rsa_sig = _RSA_do_sign_hash(hash, hlen, privkey->rsa, hash_type); sig->raw_sig = _RSA_do_sign_hash(hash, hlen, privkey->rsa, hash_type);
if (sig->rsa_sig == NULL) { if (sig->raw_sig == NULL) {
ssh_signature_free(sig); ssh_signature_free(sig);
return NULL; return NULL;
} }