diff options
author | Andreas Schneider <asn@cryptomilk.org> | 2011-08-26 23:13:57 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2011-08-26 23:13:57 +0200 |
commit | 79ed1bc601d20c14d4b514abecdebcf454baf322 (patch) | |
tree | 532b37d08646d3cf630dff842de9e522a6a43873 /src/pki.c | |
parent | 228e2edac5ebb0e21e9eac3f19c3200d6d1e65bf (diff) | |
download | libssh-79ed1bc601d20c14d4b514abecdebcf454baf322.tar.gz libssh-79ed1bc601d20c14d4b514abecdebcf454baf322.tar.xz libssh-79ed1bc601d20c14d4b514abecdebcf454baf322.zip |
pki: Handle hash correctly.
Looks like only DSA in grypt needs a leading zero to mark the has as
positive. See
http://lists.gnupg.org/pipermail/gcrypt-devel/2005-February/000754.html
Diffstat (limited to 'src/pki.c')
-rw-r--r-- | src/pki.c | 22 |
1 files changed, 10 insertions, 12 deletions
@@ -1022,7 +1022,7 @@ int ssh_pki_signature_verify_blob(ssh_session session, unsigned char *digest, size_t dlen) { - unsigned char hash[SHA_DIGEST_LEN + 1] = {0}; + unsigned char hash[SHA_DIGEST_LEN] = {0}; ssh_signature sig; int rc; @@ -1038,10 +1038,10 @@ int ssh_pki_signature_verify_blob(ssh_session session, key->type_c); - sha1(digest, dlen, hash + 1); + sha1(digest, dlen, hash); #ifdef DEBUG_CRYPTO - ssh_print_hexa("Hash to be verified with dsa", hash + 1, SHA_DIGEST_LEN); + ssh_print_hexa("Hash to be verified with dsa", hash, SHA_DIGEST_LEN); #endif rc = pki_signature_verify(session, @@ -1063,7 +1063,7 @@ ssh_string ssh_pki_do_sign(ssh_session session, struct ssh_crypto_struct *crypto = session->current_crypto ? session->current_crypto : session->next_crypto; - unsigned char hash[SHA_DIGEST_LEN + 1] = {0}; + unsigned char hash[SHA_DIGEST_LEN] = {0}; ssh_signature sig; ssh_string sig_blob = NULL; ssh_string str = NULL; @@ -1089,11 +1089,10 @@ ssh_string ssh_pki_do_sign(ssh_session session, sha1_update(ctx, str, ssh_string_len(str) + 4); ssh_string_free(str); sha1_update(ctx, buffer_get_rest(sigbuf), buffer_get_rest_len(sigbuf)); - sha1_final(hash + 1, ctx); - hash[0] = 0; + sha1_final(hash, ctx); #ifdef DEBUG_CRYPTO - ssh_print_hexa("Hash being signed with dsa", hash + 1, SHA_DIGEST_LEN); + ssh_print_hexa("Hash being signed with dsa", hash, SHA_DIGEST_LEN); #endif sig = pki_do_sign(privkey, hash, SHA_DIGEST_LEN); @@ -1169,7 +1168,7 @@ ssh_string ssh_srv_pki_do_sign_sessionid(ssh_session session, struct ssh_crypto_struct *crypto = session->current_crypto ? session->current_crypto : session->next_crypto; - unsigned char hash[SHA_DIGEST_LEN + 1] = {0}; + unsigned char hash[SHA_DIGEST_LEN] = {0}; ssh_signature sig; ssh_string sig_blob; SHACTX ctx; @@ -1184,14 +1183,13 @@ ssh_string ssh_srv_pki_do_sign_sessionid(ssh_session session, return NULL; } sha1_update(ctx, crypto->session_id, SHA_DIGEST_LEN); - sha1_final(hash + 1, ctx); - hash[0] = 0; + sha1_final(hash, ctx); #ifdef DEBUG_CRYPTO - ssh_print_hexa("Hash being signed", hash + 1, SHA_DIGEST_LEN); + ssh_print_hexa("Hash being signed", hash, SHA_DIGEST_LEN); #endif - sig = pki_do_sign_sessionid(privkey, hash); + sig = pki_do_sign_sessionid(privkey, hash, SHA_DIGEST_LEN); if (sig == NULL) { return NULL; } |