aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormilo <milo@r0ot.me>2011-08-26 22:15:38 +0200
committermilo <milo@r0ot.me>2011-08-26 22:18:04 +0200
commit228e2edac5ebb0e21e9eac3f19c3200d6d1e65bf (patch)
treebc1d1aa97d6e742404e3c321316a902437c19c51
parent1d734f16cf6bb8561e9f3f987bae4178b7e81560 (diff)
downloadlibssh-228e2edac5ebb0e21e9eac3f19c3200d6d1e65bf.tar.gz
libssh-228e2edac5ebb0e21e9eac3f19c3200d6d1e65bf.tar.xz
libssh-228e2edac5ebb0e21e9eac3f19c3200d6d1e65bf.zip
Quick fix for gcrypt DSA signaturegcrypt_dsa
-rw-r--r--src/pki_gcrypt.c27
1 files changed, 22 insertions, 5 deletions
diff --git a/src/pki_gcrypt.c b/src/pki_gcrypt.c
index 8d94d16..5e10773 100644
--- a/src/pki_gcrypt.c
+++ b/src/pki_gcrypt.c
@@ -1262,8 +1262,8 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
}
#ifdef DEBUG_CRYPTO
- ssh_print_hexa("r", ssh_string_data(str), 20);
- ssh_print_hexa("s", (unsigned char *)ssh_string_data(rs) + 20, 20);
+ ssh_pki_log("DSA signature len: %lu", (unsigned long)len);
+ ssh_print_hexa("DSA signature", ssh_string_data(sig_blob), len);
#endif
err = gcry_sexp_build(&sig->dsa_sig,
@@ -1329,7 +1329,12 @@ int pki_signature_verify(ssh_session session,
switch(key->type) {
case SSH_KEYTYPE_DSS:
- err = gcry_sexp_build(&sexp, NULL, "%b", len, hash + 1);
+ if(hash[1] < 0x80) {
+ hash = hash + 1;
+ } else {
+ len = len + 1;
+ }
+ err = gcry_sexp_build(&sexp, NULL, "%b", len, hash);
if (err) {
ssh_set_error(session,
SSH_FATAL,
@@ -1399,7 +1404,12 @@ ssh_signature pki_do_sign(const ssh_key privkey,
switch (privkey->type) {
case SSH_KEYTYPE_DSS:
- err = gcry_sexp_build(&sexp, NULL, "%b", hlen + 1, hash);
+ if(hash[1] < 0x80) {
+ hash = hash + 1;
+ } else {
+ hlen = hlen + 1;
+ }
+ err = gcry_sexp_build(&sexp, NULL, "%b", hlen, hash);
if (err) {
ssh_signature_free(sig);
return NULL;
@@ -1447,6 +1457,7 @@ ssh_signature pki_do_sign_sessionid(const ssh_key key,
ssh_signature sig;
gcry_sexp_t sexp;
gcry_error_t err;
+ size_t len;
sig = ssh_signature_new();
if (sig == NULL) {
@@ -1456,10 +1467,16 @@ ssh_signature pki_do_sign_sessionid(const ssh_key key,
switch(key->type) {
case SSH_KEYTYPE_DSS:
+ len = SHA_DIGEST_LEN;
+ if(hash[1] < 0x80) {
+ hash = hash + 1;
+ } else {
+ len = len + 1;
+ }
err = gcry_sexp_build(&sexp,
NULL,
"%b",
- SHA_DIGEST_LEN + 1,
+ len,
hash);
if (err) {
ssh_signature_free(sig);