shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-11 10:40:27 +09:00
Code Issues Packages Projects Releases Wiki Activity

Add more error checks to ssh_sign_session_id().

Browse Source 
git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/libssh/trunk@541 7dcaeef0-15fb-0310-b436-a5af3365683c
This commit is contained in:
Andreas Schneider
2009-04-18 09:57:20 +00:00
parent 9dab7771fa
commit fa01372c88
1 changed files with 81 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

67
libssh/keys.c
View File

@@ -1078,6 +1078,7 @@ void signature_free(SIGNATURE *sign) {
#if 0 #if 0
ssh_log(NULL, SSH_LOG_RARE, "Freeing a signature with no type!\n"); */ ssh_log(NULL, SSH_LOG_RARE, "Freeing a signature with no type!\n"); */
#endif #endif
break;
} }
SAFE_FREE(sign); SAFE_FREE(sign);
} }
@@ -1320,14 +1321,16 @@ STRING *ssh_encrypt_rsa1(SSH_SESSION *session, STRING *data, PUBLIC_KEY *key) {
/* this function signs the session id */ /* this function signs the session id */
STRING *ssh_sign_session_id(SSH_SESSION *session, PRIVATE_KEY *privatekey) { STRING *ssh_sign_session_id(SSH_SESSION *session, PRIVATE_KEY *privatekey) {
SHACTX ctx; CRYPTO *crypto=session->current_crypto ? session->current_crypto :
unsigned char hash[SHA_DIGEST_LEN+1]; session->next_crypto;
SIGNATURE *sign; unsigned char hash[SHA_DIGEST_LEN + 1] = {0};
STRING *signature; STRING *signature = NULL;
CRYPTO *crypto=session->current_crypto?session->current_crypto:session->next_crypto; SIGNATURE *sign = NULL;
SHACTX ctx = NULL;
#ifdef HAVE_LIBGCRYPT #ifdef HAVE_LIBGCRYPT
gcry_sexp_t data_sexp; gcry_sexp_t data_sexp;
#endif #endif
ctx = sha1_init(); ctx = sha1_init();
if (ctx == NULL) { if (ctx == NULL) {
return NULL; return NULL;
@@ -1335,6 +1338,7 @@ STRING *ssh_sign_session_id(SSH_SESSION *session, PRIVATE_KEY *privatekey){
sha1_update(ctx,crypto->session_id,SHA_DIGEST_LEN); sha1_update(ctx,crypto->session_id,SHA_DIGEST_LEN);
sha1_final(hash + 1,ctx); sha1_final(hash + 1,ctx);
hash[0] = 0; hash[0] = 0;
#ifdef DEBUG_CRYPTO #ifdef DEBUG_CRYPTO
ssh_print_hexa("Hash being signed with dsa",hash+1,SHA_DIGEST_LEN); ssh_print_hexa("Hash being signed with dsa",hash+1,SHA_DIGEST_LEN);
#endif #endif
@@ -1347,42 +1351,63 @@ STRING *ssh_sign_session_id(SSH_SESSION *session, PRIVATE_KEY *privatekey){
switch(privatekey->type) { switch(privatekey->type) {
case TYPE_DSS: case TYPE_DSS:
#ifdef HAVE_LIBGCRYPT #ifdef HAVE_LIBGCRYPT
gcry_sexp_build(&data_sexp,NULL,"%b",SHA_DIGEST_LEN+1,hash); if (gcry_sexp_build(&data_sexp, NULL, "%b", SHA_DIGEST_LEN + 1, hash) ||
gcry_pk_sign(&sign->dsa_sign,data_sexp,privatekey->dsa_priv); gcry_pk_sign(&sign->dsa_sign, data_sexp, privatekey->dsa_priv)) {
ssh_set_error(session, SSH_FATAL, "Signing: libgcrypt error");
gcry_sexp_release(data_sexp);
signature_free(sign);
return NULL;
}
#elif defined HAVE_LIBCRYPTO #elif defined HAVE_LIBCRYPTO
sign->dsa_sign=DSA_do_sign(hash+1,SHA_DIGEST_LEN,privatekey->dsa_priv); sign->dsa_sign = DSA_do_sign(hash + 1, SHA_DIGEST_LEN,
privatekey->dsa_priv);
if (sign->dsa_sign == NULL) {
ssh_set_error(session, SSH_FATAL, "Signing: openssl error");
signature_free(sign);
return NULL;
}
#ifdef DEBUG_CRYPTO #ifdef DEBUG_CRYPTO
ssh_print_bignum("r",sign->dsa_sign->r); ssh_print_bignum("r",sign->dsa_sign->r);
ssh_print_bignum("s",sign->dsa_sign->s); ssh_print_bignum("s",sign->dsa_sign->s);
#endif #endif
#endif
#endif /* HAVE_LIBCRYPTO */
sign->rsa_sign = NULL; sign->rsa_sign = NULL;
break; break;
case TYPE_RSA: case TYPE_RSA:
#ifdef HAVE_LIBGCRYPT #ifdef HAVE_LIBGCRYPT
gcry_sexp_build(&data_sexp,NULL,"(data(flags pkcs1)(hash sha1 %b))",SHA_DIGEST_LEN,hash+1); if (gcry_sexp_build(&data_sexp, NULL, "(data(flags pkcs1)(hash sha1 %b))",
gcry_pk_sign(&sign->rsa_sign,data_sexp,privatekey->rsa_priv); SHA_DIGEST_LEN, hash + 1) ||
gcry_pk_sign(&sign->rsa_sign, data_sexp, privatekey->rsa_priv)) {
ssh_set_error(session, SSH_FATAL, "Signing: libgcrypt error");
gcry_sexp_release(data_sexp);
signature_free(sign);
return NULL;
}
#elif defined HAVE_LIBCRYPTO #elif defined HAVE_LIBCRYPTO
sign->rsa_sign=RSA_do_sign(hash+1,SHA_DIGEST_LEN,privatekey->rsa_priv); sign->rsa_sign = RSA_do_sign(hash + 1, SHA_DIGEST_LEN,
privatekey->rsa_priv);
if (sign->rsa_sign == NULL) {
ssh_set_error(session, SSH_FATAL, "Signing: openssl error");
signature_free(sign);
return NULL;
}
#endif #endif
sign->dsa_sign = NULL; sign->dsa_sign = NULL;
break; break;
} }
#ifdef HAVE_LIBGCRYPT #ifdef HAVE_LIBGCRYPT
gcry_sexp_release(data_sexp); gcry_sexp_release(data_sexp);
#endif #endif
sign->type = privatekey->type; sign->type = privatekey->type;
if(!sign->dsa_sign && !sign->rsa_sign){
#ifdef HAVE_LIBGCRYPT
ssh_set_error(session,SSH_FATAL,"Signing : libgcrypt error");
#elif defined HAVE_LIBCRYPTO
ssh_set_error(session,SSH_FATAL,"Signing : openssl error");
#endif
signature_free(sign);
return NULL;
}
signature = signature_to_string(sign); signature = signature_to_string(sign);
signature_free(sign); signature_free(sign);
return signature; return signature;
} }
/** @} */ /** @} */