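--- a/PATH_NOT_ON_PAGE
+++ b/PATH_NOT_ON_PAGE
@@ -35,6 +35,9 @@
 
 static int openssh_RSA_verify(int, u_char *, u_int, u_char *, u_int, RSA *);
 
+static int openssh_RSA_verify_inFIPS(const Key *key, const u_char *signature, u_int signaturelen,
+const u_char *data, u_int datalen);
+
 /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
 int
 ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp,
@@ -158,17 +161,28 @@ ssh_rsa_verify(const Key *key, const u_c
 memset(sigblob, 0, diff);
 len = modlen;
 }
-nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1;
-if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
-error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid);
-xfree(sigblob);
-return -1;
-}
-EVP_DigestInit(&md, evp_md);
-EVP_DigestUpdate(&md, data, datalen);
-EVP_DigestFinal(&md, digest, &dlen);
 
-ret = openssh_RSA_verify(nid, digest, dlen, sigblob, len, key->rsa);
+/* If FIPS mode active use the EVP layer so direct calls into RSA lib functions
+ * are avoided because that will cause a failure in openssl 0.9.8r or greater.. */
+if(FIPS_mode()) {
+ret = openssh_RSA_verify_inFIPS(key, sigblob, len, data, datalen);
+debug("ssh_rsa_verify: openssh_RSA_verify_inFIPS returning %d",ret);
+return ret;
+} else {
+/* end FIPS specific portion. */
+
+nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1;
+if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
+error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid);
+xfree(sigblob);
+return -1;
+}
+EVP_DigestInit(&md, evp_md);
+EVP_DigestUpdate(&md, data, datalen);
+EVP_DigestFinal(&md, digest, &dlen);
+
+ret = openssh_RSA_verify(nid, digest, dlen, sigblob, len, key->rsa);
+}
 memset(digest, 'd', sizeof(digest));
 memset(sigblob, 's', len);
 xfree(sigblob);
@@ -266,3 +280,31 @@ done:
 xfree(decrypted);
 return ret;
 }
+
+static int openssh_RSA_verify_inFIPS(const Key *key, const u_char *signature, u_int signaturelen,
+const u_char *data, u_int datalen)
+{
+EVP_MD_CTX md_ctx;
+EVP_PKEY pubkey;
+int verified = 0;
+
+EVP_MD_CTX_init(&md_ctx);
+EVP_PKEY_assign_RSA(&pubkey,key->rsa);
+
+/* Note, if EVP_md5() is used, due to FIPS
+ * there will be a rejection, so we only
+ * handle the sha1 case */
+EVP_VerifyInit_ex(&md_ctx,EVP_sha1(),NULL);
+EVP_VerifyUpdate(&md_ctx,data,datalen);
+
+verified = EVP_VerifyFinal(&md_ctx,signature,signaturelen,&pubkey);
+
+if (verified <= 0)
+{
+/* bad signature */
+debug("openssh_RSA_verify_inFIPS EVP_VerifyFinal BAD SIG code:%d",verified);
+return 0;
+}
+return 1;
+}
+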
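Review bot: `EVP_PKEY pubkey;` in the new openssh_RSA_verify_inFIPS (last hunk, new lines 288 and 292) is an uninitialized automatic struct, and EVP_PKEY_assign_RSA only fills in the key type and the RSA pointer, so EVP_VerifyFinal operates on a struct whose other fields are indeterminate — undefined behaviour that, on the OpenSSL releases the comment targets (0.9.8r and later), can end up dereferencing garbage. The assign also transfers ownership of key->rsa to that stack object, which is why the function cannot ever EVP_PKEY_free it without double-freeing the Key's RSA; allocate the wrapper with EVP_PKEY_new() and EVP_PKEY_set1_RSA() (which takes its own reference), free it on exit, and pair EVP_MD_CTX_init with EVP_MD_CTX_cleanup so the digest state is released on every path. The return values of EVP_VerifyInit_ex and EVP_VerifyUpdate are ignored as well, so a failure there only shows up as an unexplained bad-signature verdict. Separately, in the ssh_rsa_verify hunk the FIPS branch does `return ret;` (new line 170) before the common `memset(sigblob, 's', len); xfree(sigblob);` at new lines 187-188, leaking sigblob and skipping the scrubbing on that path; dropping that early return lets the branch fall through to the shared cleanup, assuming the function's final `return ret;` follows outside the hunk as it appears to.
```c
static int openssh_RSA_verify_inFIPS(const Key *key, const u_char *signature, u_int signaturelen,
    const u_char *data, u_int datalen)
{
	EVP_MD_CTX md_ctx;
	EVP_PKEY *pubkey;
	int verified = 0;

	/* set1 takes its own reference, so key->rsa stays owned by the Key */
	if ((pubkey = EVP_PKEY_new()) == NULL ||
	    EVP_PKEY_set1_RSA(pubkey, key->rsa) != 1) {
		error("openssh_RSA_verify_inFIPS: cannot wrap RSA key");
		EVP_PKEY_free(pubkey);
		return 0;
	}
	EVP_MD_CTX_init(&md_ctx);
	/* … unchanged: comment on why only EVP_sha1() is handled under FIPS … */
	if (EVP_VerifyInit_ex(&md_ctx, EVP_sha1(), NULL) == 1 &&
	    EVP_VerifyUpdate(&md_ctx, data, datalen) == 1)
		verified = EVP_VerifyFinal(&md_ctx, signature, signaturelen, pubkey);
	EVP_MD_CTX_cleanup(&md_ctx);
	EVP_PKEY_free(pubkey);

	if (verified <= 0) {
		/* bad signature, or an EVP call above failed */
		debug("openssh_RSA_verify_inFIPS EVP_VerifyFinal BAD SIG code:%d",verified);
		return 0;
	}
	return 1;
}
```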