lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-08-10 06:23:01 +03:00
Code Activity

pki_gcrypt: fix DSA signature extraction

Browse Source 
Fix DSA signature extraction for the LIBGCRYPT build.  Here, the same fix
that was applied to the LIBCRYPTO build for https://red.libssh.org/issues/144
is now adapted for pki_gcrypt.  Additionally, ensure to set the resulting
output sig_blob buffer before returning.

Before this fix, one can observe the failure with the pkd test on a LIBGCRYPT
build as so:

  # ./pkd_hello -i 1 -t torture_pkd_openssh_dsa_dsa_default

After, runs of 10000 back-to-back iterations of the same test are passing.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Jon Simons
2014-12-07 16:41:31 -08:00
committed by Andreas Schneider
parent 10f71c6769
commit b35f1f488c
1 changed files with 29 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
src/pki_gcrypt.c
View File

@@ -1358,8 +1358,13 @@ int pki_export_pubkey_rsa1(const ssh_key key,
ssh_string pki_signature_to_blob(const ssh_signature sig) ssh_string pki_signature_to_blob(const ssh_signature sig)
{ {
char buffer[40] = { 0 }; char buffer[40] = { 0 };
const char *r = NULL; const char *r = NULL;
size_t r_len, r_offset_in, r_offset_out;
const char *s = NULL; const char *s = NULL;
size_t s_len, s_offset_in, s_offset_out;
gcry_sexp_t sexp; gcry_sexp_t sexp;
size_t size = 0; size_t size = 0;
ssh_string sig_blob = NULL; ssh_string sig_blob = NULL;
@@ -1376,7 +1381,14 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
size--; size--;
r++; r++;
} }
memcpy(buffer, r + size - 20, 20);
r_len = size;
r_offset_in = (r_len > 20) ? (r_len - 20) : 0;
r_offset_out = (r_len < 20) ? (20 - r_len) : 0;
memcpy(buffer + r_offset_out,
r + r_offset_in,
r_len - r_offset_in);
gcry_sexp_release(sexp); gcry_sexp_release(sexp);
sexp = gcry_sexp_find_token(sig->dsa_sig, "s", 0); sexp = gcry_sexp_find_token(sig->dsa_sig, "s", 0);
@@ -1388,8 +1400,22 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
size--; size--;
s++; s++;
} }
memcpy(buffer+ 20, s + size - 20, 20);
s_len = size;
s_offset_in = (s_len > 20) ? (s_len - 20) : 0;
s_offset_out = (s_len < 20) ? (20 - s_len) : 0;
memcpy(buffer + 20 + s_offset_out,
s + s_offset_in,
s_len - s_offset_in);
gcry_sexp_release(sexp); gcry_sexp_release(sexp);
sig_blob = ssh_string_new(40);
if (sig_blob == NULL) {
return NULL;
}
ssh_string_fill(sig_blob, buffer, 40);
break; break;
case SSH_KEYTYPE_RSA: case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1: case SSH_KEYTYPE_RSA1: