Attachment #3538 for bug #3279




#include "sshkey.h"
#include "digest.h"
#include "log.h"
#include "misc.h"

#include "openbsd-compat/openssl-compat.h"



	ret = openssh_RSA_verify(hash_alg, digest, dlen, sigblob, len,
	    key->rsa);
	if (ret != 0) {
		debug_f("alg=%s", alg == NULL ? "default" : alg);
		sshbuf_free(b);
		if ((b = sshbuf_from(sigblob, len)) == NULL)
			fatal_f("sshbuf_from");
		debug_f("sigblob=%s", sshbuf_dtob64_string(b, 0));
		sshbuf_free(b);
		if ((b = sshbuf_new()) == NULL)
			fatal_f("sshbuf_new");
		if (sshkey_format_text(key, b) != 0)
			fatal_f("sshkey_format_text");
		debug_f("key=%s", sshbuf_dup_string(b));
	}
 out:
	freezero(sigblob, len);
	free(sigtype);

	return 0;
}

static int
dump_libcrypto_error(const char *str, size_t len, void *u)
{
	debug("%s: libcrypto: %.*s", (char*)u, (int)len, str);
	return 0;
}


static int
openssh_RSA_verify(int hash_alg, u_char *hash, size_t hashlen,
    u_char *sigbuf, size_t siglen, RSA *rsa)

	}
	if ((len = RSA_public_decrypt(siglen, sigbuf, decrypted, rsa,
	    RSA_PKCS1_PADDING)) < 0) {
		debug_f("failed RSA_public_decrypt");
		ERR_print_errors_cb(dump_libcrypto_error, (void*)__func__);
		ret = SSH_ERR_LIBCRYPTO_ERROR;
		goto done;
	}

Return to bug 3279

Lines 34-39 Link Here

(-)a/ssh-rsa.c (+24 lines)
34	#include "sshkey.h"	34	#include "sshkey.h"
35	#include "digest.h"	35	#include "digest.h"
36	#include "log.h"	36	#include "log.h"
		37	#include "misc.h"
37		38
38	#include "openbsd-compat/openssl-compat.h"	39	#include "openbsd-compat/openssl-compat.h"
39		40
Lines 320-325 ssh_rsa_verify(const struct sshkey *key, Link Here
320		321
321	ret = openssh_RSA_verify(hash_alg, digest, dlen, sigblob, len,	322	ret = openssh_RSA_verify(hash_alg, digest, dlen, sigblob, len,
322	key->rsa);	323	key->rsa);
		324	if (ret != 0) {
		325	debug_f("alg=%s", alg == NULL ? "default" : alg);
		326	sshbuf_free(b);
		327	if ((b = sshbuf_from(sigblob, len)) == NULL)
		328	fatal_f("sshbuf_from");
		329	debug_f("sigblob=%s", sshbuf_dtob64_string(b, 0));
		330	sshbuf_free(b);
		331	if ((b = sshbuf_new()) == NULL)
		332	fatal_f("sshbuf_new");
		333	if (sshkey_format_text(key, b) != 0)
		334	fatal_f("sshkey_format_text");
		335	debug_f("key=%s", sshbuf_dup_string(b));
		336	}
323	out:	337	out:
324	freezero(sigblob, len);	338	freezero(sigblob, len);
325	free(sigtype);	339	free(sigtype);
Lines 399-404 rsa_hash_alg_oid(int hash_alg, const u_char *oidp, size_t oidlenp) Link Here
399	return 0;	413	return 0;
400	}	414	}
401		415
		416	static int
		417	dump_libcrypto_error(const char str, size_t len, void u)
		418	{
		419	debug("%s: libcrypto: %.s", (char)u, (int)len, str);
		420	return 0;
		421	}
		422
		423
402	static int	424	static int
403	openssh_RSA_verify(int hash_alg, u_char *hash, size_t hashlen,	425	openssh_RSA_verify(int hash_alg, u_char *hash, size_t hashlen,
404	u_char sigbuf, size_t siglen, RSA rsa)	426	u_char sigbuf, size_t siglen, RSA rsa)
Lines 428-433 openssh_RSA_verify(int hash_alg, u_char *hash, size_t hashlen, Link Here
428	}	450	}
429	if ((len = RSA_public_decrypt(siglen, sigbuf, decrypted, rsa,	451	if ((len = RSA_public_decrypt(siglen, sigbuf, decrypted, rsa,
430	RSA_PKCS1_PADDING)) < 0) {	452	RSA_PKCS1_PADDING)) < 0) {
		453	debug_f("failed RSA_public_decrypt");
		454	ERR_print_errors_cb(dump_libcrypto_error, (void*)__func__);
431	ret = SSH_ERR_LIBCRYPTO_ERROR;	455	ret = SSH_ERR_LIBCRYPTO_ERROR;
432	goto done;	456	goto done;
433	}	457	}