pki_gcrypt: fix DSA signature extraction

Fix DSA signature extraction for the LIBGCRYPT build. Here, the same fix that was applied to the LIBCRYPTO build for https://red.libssh.org/issues/144 is now adapted for pki_gcrypt. Additionally, ensure to set the resulting output sig_blob buffer before returning. Before this fix, one can observe the failure with the pkd test on a LIBGCRYPT build as so: # ./pkd_hello -i 1 -t torture_pkd_openssh_dsa_dsa_default After, runs of 10000 back-to-back iterations of the same test are passing. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
author: Jon Simons <jon@jonsimons.org> 2014-12-07 16:41:31 -0800
committer: Andreas Schneider <asn@cryptomilk.org> 2014-12-09 19:21:47 +0100
commit: b35f1f488c022e08a905f94e582de3d6f0b1881b (patch)
tree: 3b864e6718f1d6e05328fccf90219ec7ad891b53 /src/pki_gcrypt.c
parent: 10f71c67690cf3c0e1b6a733c3641407df2224e2 (diff)
download: libssh-b35f1f488c022e08a905f94e582de3d6f0b1881b.tar.gz
libssh-b35f1f488c022e08a905f94e582de3d6f0b1881b.tar.xz
libssh-b35f1f488c022e08a905f94e582de3d6f0b1881b.zip
1 files changed, 29 insertions, 3 deletions
diff --git a/src/pki_gcrypt.c b/src/pki_gcrypt.c
index cac341e2..e6db518f 100644
--- a/src/pki_gcrypt.c
+++ b/src/pki_gcrypt.c
@@ -1357,9 +1357,14 @@ int pki_export_pubkey_rsa1(const ssh_key key,
 
 ssh_string pki_signature_to_blob(const ssh_signature sig)
 {
-    char buffer[40] = {0};
+    char buffer[40] = { 0 };
+
     const char *r = NULL;
+    size_t r_len, r_offset_in, r_offset_out;
+
     const char *s = NULL;
+    size_t s_len, s_offset_in, s_offset_out;
+
     gcry_sexp_t sexp;
     size_t size = 0;
     ssh_string sig_blob = NULL;
@@ -1376,7 +1381,14 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
                 size--;
                 r++;
             }
-            memcpy(buffer, r + size - 20, 20);
+
+            r_len = size;
+            r_offset_in  = (r_len > 20) ? (r_len - 20) : 0;
+            r_offset_out = (r_len < 20) ? (20 - r_len) : 0;
+            memcpy(buffer + r_offset_out,
+                   r + r_offset_in,
+                   r_len - r_offset_in);
+
             gcry_sexp_release(sexp);
 
             sexp = gcry_sexp_find_token(sig->dsa_sig, "s", 0);
@@ -1388,8 +1400,22 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
                 size--;
                 s++;
             }
-            memcpy(buffer+ 20, s + size - 20, 20);
+
+            s_len = size;
+            s_offset_in  = (s_len > 20) ? (s_len - 20) : 0;
+            s_offset_out = (s_len < 20) ? (20 - s_len) : 0;
+            memcpy(buffer + 20 + s_offset_out,
+                   s + s_offset_in,
+                   s_len - s_offset_in);
+
             gcry_sexp_release(sexp);
+
+            sig_blob = ssh_string_new(40);
+            if (sig_blob == NULL) {
+                return NULL;
+            }
+
+            ssh_string_fill(sig_blob, buffer, 40);
             break;
         case SSH_KEYTYPE_RSA:
         case SSH_KEYTYPE_RSA1:
author	Jon Simons <jon@jonsimons.org>	2014-12-07 16:41:31 -0800
committer	Andreas Schneider <asn@cryptomilk.org>	2014-12-09 19:21:47 +0100
commit	b35f1f488c022e08a905f94e582de3d6f0b1881b (patch)
tree	3b864e6718f1d6e05328fccf90219ec7ad891b53 /src/pki_gcrypt.c
parent	10f71c67690cf3c0e1b6a733c3641407df2224e2 (diff)
download	libssh-b35f1f488c022e08a905f94e582de3d6f0b1881b.tar.gz libssh-b35f1f488c022e08a905f94e582de3d6f0b1881b.tar.xz libssh-b35f1f488c022e08a905f94e582de3d6f0b1881b.zip