authorAnderson Toshiyuki Sasaki <ansasaki@redhat.com>2019-05-09 17:38:54 +0200
committerAndreas Schneider <asn@cryptomilk.org>2019-05-13 16:37:51 +0200
commit248e5acd5c9f9bb08b7d04dce13564bf4c817cca (patch)
tree6f2c2e7bf876e7f02177b44cf70c60bea94e6ce4 /src/pki_crypto.c
parent550a1a766789c7655e13ccf1ba9b8c4c8bb46bbf (diff)
pki: Fail to sign when using wrong hash algorithm
Do not allow using SSH_DIGEST_AUTO for any algorithm other than ed25519. Do not allow using incompatible hash algorithms when signing or verifying signatures. Added negative tests for all combinations of signature and hash algorithms. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/pki_crypto.c')
-rw-r--r--src/pki_crypto.c26
1 files changed, 24 insertions, 2 deletions
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index 25507f83..0949bd96 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -583,9 +583,13 @@ int pki_key_generate_ecdsa(ssh_key key, int parameter) {
key->type = SSH_KEYTYPE_ECDSA_P521;
break;
case 256:
- default:
key->ecdsa_nid = NID_X9_62_prime256v1;
key->type = SSH_KEYTYPE_ECDSA_P256;
+ break;
+ default:
+ SSH_LOG(SSH_LOG_WARN, "Invalid parameter %d for ECDSA key "
+ "generation", parameter);
+ return SSH_ERROR;
}
key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid);
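Review bot: The new `default:` branch returns SSH_ERROR before `key->ecdsa` is allocated on the line right after the switch, so there is nothing to release inside this function, but `key` is handed back untouched and the caller must free it; a one-line comment before the return, `/* nothing allocated yet; the caller owns and frees key */`, would make that contract explicit. The rejection is logged at SSH_LOG_WARN whereas the analogous rejection added to pki_digest_to_md further down in this commit logs at SSH_LOG_TRACE; either is defensible, but the two paths should probably agree. pki_key_generate_ecdsa starts before the hunk (the 384 case is presumably there) and continues after it, so I cannot see how the caller reacts to the new error.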
@@ -1922,6 +1926,12 @@ int pki_signature_verify(ssh_session session,
return SSH_ERROR;
}
+ /* Check if public key and hash type are compatible */
+ rc = pki_key_check_hash_compatible(key, sig->hash_type);
+ if (rc != SSH_OK) {
+ return SSH_ERROR;
+ }
+
/* For ed25519 keys, verify using the input directly */
if (key->type == SSH_KEYTYPE_ED25519 ||
key->type == SSH_KEYTYPE_ED25519_CERT01)
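Review bot: pki_key_check_hash_compatible is called with `key` as-is, and the lines immediately below show this function is also reached with certificate keys (`SSH_KEYTYPE_ED25519_CERT01`); unless the helper maps the `*_CERT01` key types to their base type, certificate signatures would now be rejected by the new check before the ed25519 branch is reached. The commit says negative tests cover signature/hash combinations, but nothing visible here covers a certificate key, so a positive test with one would close that gap. A short comment on the call, `/* key may be a certificate type; the helper must accept *_CERT01 variants */`, would record the expectation. pki_signature_verify starts and ends outside the hunk.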
@@ -1957,9 +1967,9 @@ static const EVP_MD *pki_digest_to_md(enum ssh_digest_e hash_type)
md = EVP_sha512();
break;
case SSH_DIGEST_SHA1:
- case SSH_DIGEST_AUTO:
md = EVP_sha1();
break;
+ case SSH_DIGEST_AUTO:
default:
SSH_LOG(SSH_LOG_TRACE, "Unknown hash algorithm for type: %d",
hash_type);
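Review bot: Now that SSH_DIGEST_AUTO falls into the `default:` branch, a caller passing it gets the "Unknown hash algorithm" trace, which is misleading — the value is known, it just has no EVP_MD because, per the commit message, only ed25519 uses SSH_DIGEST_AUTO and ed25519 never goes through this function. Either keep a dedicated case with its own message, e.g. `case SSH_DIGEST_AUTO: SSH_LOG(SSH_LOG_TRACE, "SSH_DIGEST_AUTO is only valid for ed25519 keys"); return NULL;`, or add `/* SSH_DIGEST_AUTO is only valid for ed25519, which does not use an EVP_MD */` on the case label so the fall-through reads as intentional. The start of pki_digest_to_md, including the initial value of `md`, is outside the hunk.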
@@ -2063,6 +2073,12 @@ ssh_signature pki_sign_data(const ssh_key privkey,
return NULL;
}
+ /* Check if public key and hash type are compatible */
+ rc = pki_key_check_hash_compatible(privkey, hash_type);
+ if (rc != SSH_OK) {
+ return NULL;
+ }
+
/* Set hash algorithm to be used */
md = pki_digest_to_md(hash_type);
if (md == NULL) {
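Review bot: The new check returns NULL with no diagnostic at this call site, so a caller of pki_sign_data cannot tell a key/hash mismatch apart from the OpenSSL or allocation failures that also return NULL later in the function; unless pki_key_check_hash_compatible logs the mismatch itself, a `SSH_LOG(SSH_LOG_WARN, "Hash type %d is not compatible with key type %d", hash_type, privkey->type);` before the `return NULL;` would help when debugging a failed handshake. The same four-line check is now pasted into three functions in this file; a tiny static wrapper that performs the check and logs would keep the message in one place. pki_sign_data starts and ends outside the hunk.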
@@ -2187,6 +2203,12 @@ int pki_verify_data_signature(ssh_signature signature,
return SSH_ERROR;
}
+ /* Check if public key and hash type are compatible */
+ rc = pki_key_check_hash_compatible(pubkey, signature->hash_type);
+ if (rc != SSH_OK) {
+ return SSH_ERROR;
+ }
+
/* Get the signature to be verified */
raw_sig_data = ssh_string_data(signature->raw_sig);
raw_sig_len = ssh_string_len(signature->raw_sig);
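Review bot: The new check validates `signature->hash_type` against `pubkey`, but `signature->hash_type` is presumably set when the signature blob is imported from the peer, so it is only as trustworthy as the import; if the blob's type string and `pubkey->type` are not already compared earlier in this function (its start is outside the hunk), a `signature->type != pubkey->type` rejection should accompany this check so that a mismatched signature cannot reach the verification below with a merely compatible hash. A comment such as `/* hash_type originates from the peer-supplied signature blob */` above the check would flag why it matters. pki_verify_data_signature continues past the hunk.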