authorAndreas Schneider <asn@cryptomilk.org>2011-08-26 23:13:57 +0200
committerAndreas Schneider <asn@cryptomilk.org>2011-08-26 23:13:57 +0200
commit79ed1bc601d20c14d4b514abecdebcf454baf322 (patch)
tree532b37d08646d3cf630dff842de9e522a6a43873 /src/pki_crypto.c
parent228e2edac5ebb0e21e9eac3f19c3200d6d1e65bf (diff)
pki: Handle hash correctly.
Looks like only DSA in gcrypt needs a leading zero to mark the hash as positive. See http://lists.gnupg.org/pipermail/gcrypt-devel/2005-February/000754.html
Diffstat (limited to 'src/pki_crypto.c')
-rw-r--r--src/pki_crypto.c21
1 files changed, 11 insertions, 10 deletions
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index 7140a88c..a2c04b48 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -677,14 +677,14 @@ int pki_signature_verify(ssh_session session,
const ssh_signature sig,
const ssh_key key,
const unsigned char *hash,
- size_t len)
+ size_t hlen)
{
int rc;
switch(key->type) {
case SSH_KEYTYPE_DSS:
- rc = DSA_do_verify(hash + 1,
- len,
+ rc = DSA_do_verify(hash,
+ hlen,
sig->dsa_sig,
key->dsa);
if (rc < 0) {
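Review bot: `hlen` is a caller-supplied `size_t` that goes straight into `DSA_do_verify` (which takes an `int` length) and, in the next hunk, `RSA_verify` (an `unsigned int` length), and nothing in the visible lines checks that it matches the digest size this code assumes. The RSA branch pins `NID_sha1` and the removed sessionid code used `SHA_DIGEST_LEN`, so the path appears to be SHA-1 only; a guard before the `switch` such as `if (hash == NULL || hlen != SHA_DIGEST_LEN) return SSH_ERROR;` would reject a wrong length instead of letting the verifier read past the buffer or check a truncated digest. The same applies to the `hlen` that replaces the constant in both branches of `pki_do_sign_sessionid`, where the failure return would be `NULL`. The function body continues past this hunk, so how `rc == 0` (signature invalid, as opposed to an error) is handled is not visible here and is worth confirming as a hard failure.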
@@ -698,8 +698,8 @@ int pki_signature_verify(ssh_session session,
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1:
rc = RSA_verify(NID_sha1,
- hash + 1,
- len,
+ hash,
+ hlen,
string_data(sig->rsa_sig),
ssh_string_len(sig->rsa_sig),
key->rsa);
@@ -734,7 +734,7 @@ ssh_signature pki_do_sign(const ssh_key privkey,
switch(privkey->type) {
case SSH_KEYTYPE_DSS:
- sig->dsa_sig = DSA_do_sign(hash + 1, hlen, privkey->dsa);
+ sig->dsa_sig = DSA_do_sign(hash, hlen, privkey->dsa);
if (sig->dsa_sig == NULL) {
ssh_signature_free(sig);
return NULL;
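Review bot: Nothing in `pki_do_sign` records that `hash` now means the raw digest of `hlen` bytes, where before this commit every call skipped a leading pad byte with `hash + 1`. A caller that still hands in the padded buffer will compile cleanly and produce a signature over the wrong bytes, so a comment on the function such as `/* hash: raw digest, hlen bytes, no leading pad byte */` would make the new contract explicit. The same comment fits `pki_signature_verify` and `pki_do_sign_sessionid`, whose parameters changed in the same way; the start of `pki_do_sign` is outside this hunk.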
@@ -748,7 +748,7 @@ ssh_signature pki_do_sign(const ssh_key privkey,
break;
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1:
- sig->rsa_sig = _RSA_do_sign(hash + 1, hlen, privkey->rsa);
+ sig->rsa_sig = _RSA_do_sign(hash, hlen, privkey->rsa);
if (sig->rsa_sig == NULL) {
ssh_signature_free(sig);
return NULL;
@@ -766,7 +766,8 @@ ssh_signature pki_do_sign(const ssh_key privkey,
#ifdef WITH_SERVER
ssh_signature pki_do_sign_sessionid(const ssh_key key,
- const unsigned char *hash)
+ const unsigned char *hash,
+ size_t hlen)
{
ssh_signature sig;
@@ -778,7 +779,7 @@ ssh_signature pki_do_sign_sessionid(const ssh_key key,
switch(key->type) {
case SSH_KEYTYPE_DSS:
- sig->dsa_sig = DSA_do_sign(hash + 1, SHA_DIGEST_LEN, key->dsa);
+ sig->dsa_sig = DSA_do_sign(hash, hlen, key->dsa);
if (sig->dsa_sig == NULL) {
ssh_signature_free(sig);
return NULL;
@@ -786,7 +787,7 @@ ssh_signature pki_do_sign_sessionid(const ssh_key key,
break;
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1:
- sig->rsa_sig = _RSA_do_sign(hash + 1, SHA_DIGEST_LEN, key->rsa);
+ sig->rsa_sig = _RSA_do_sign(hash, hlen, key->rsa);
if (sig->rsa_sig == NULL) {
ssh_signature_free(sig);
return NULL;