diff options
| author | des <des@FreeBSD.org> | 2010-11-11 11:46:19 +0000 |
|---|---|---|
| committer | des <des@FreeBSD.org> | 2010-11-11 11:46:19 +0000 |
| commit | 59d1af232220700389c3543e93e1b1f2e2619919 (patch) | |
| tree | 6eb7398d6e807c1a0d65a65c3e0dc92c453bb592 /crypto/openssh/ssh-rsa.c | |
| parent | ac0984a6533794998189315ced48d83ce881917d (diff) | |
| parent | a074372f88279f4eaaed8ab05de3f3fda1fac4eb (diff) | |
| download | FreeBSD-src-59d1af232220700389c3543e93e1b1f2e2619919.zip FreeBSD-src-59d1af232220700389c3543e93e1b1f2e2619919.tar.gz | |
Upgrade to OpenSSH 5.6p1.
Diffstat (limited to 'crypto/openssh/ssh-rsa.c')
| -rw-r--r-- | crypto/openssh/ssh-rsa.c | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/crypto/openssh/ssh-rsa.c b/crypto/openssh/ssh-rsa.c index 842857f..c471ff3 100644 --- a/crypto/openssh/ssh-rsa.c +++ b/crypto/openssh/ssh-rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-rsa.c,v 1.40 2010/02/26 20:29:54 djm Exp $ */ +/* $OpenBSD: ssh-rsa.c,v 1.44 2010/07/16 14:07:35 djm Exp $ */ /* * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org> * @@ -30,6 +30,7 @@ #include "buffer.h" #include "key.h" #include "compat.h" +#include "misc.h" #include "ssh.h" static int openssh_RSA_verify(int, u_char *, u_int, u_char *, u_int, RSA *); @@ -46,9 +47,8 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, int ok, nid; Buffer b; - if (key == NULL || - (key->type != KEY_RSA && key->type != KEY_RSA_CERT) || - key->rsa == NULL) { + if (key == NULL || key->rsa == NULL || (key->type != KEY_RSA && + key->type != KEY_RSA_CERT && key->type != KEY_RSA_CERT_V00)) { error("ssh_rsa_sign: no RSA key"); return -1; } @@ -115,9 +115,8 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, u_int len, dlen, modlen; int rlen, ret, nid; - if (key == NULL || - (key->type != KEY_RSA && key->type != KEY_RSA_CERT) || - key->rsa == NULL) { + if (key == NULL || key->rsa == NULL || (key->type != KEY_RSA && + key->type != KEY_RSA_CERT && key->type != KEY_RSA_CERT_V00)) { error("ssh_rsa_verify: no RSA key"); return -1; } @@ -212,7 +211,7 @@ openssh_RSA_verify(int type, u_char *hash, u_int hashlen, u_char *sigbuf, u_int siglen, RSA *rsa) { u_int ret, rsasize, oidlen = 0, hlen = 0; - int len; + int len, oidmatch, hashmatch; const u_char *oid = NULL; u_char *decrypted = NULL; @@ -251,11 +250,13 @@ openssh_RSA_verify(int type, u_char *hash, u_int hashlen, error("bad decrypted len: %d != %d + %d", len, hlen, oidlen); goto done; } - if (memcmp(decrypted, oid, oidlen) != 0) { + oidmatch = timingsafe_bcmp(decrypted, oid, oidlen) == 0; + hashmatch = timingsafe_bcmp(decrypted + oidlen, hash, hlen) == 0; + if (!oidmatch) { error("oid mismatch"); goto done; } - if (memcmp(decrypted + oidlen, hash, hlen) != 0) { + if (!hashmatch) { error("hash mismatch"); goto done; } |
