Add more error checks to sig_verify().

git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/libssh/trunk@511 7dcaeef0-15fb-0310-b436-a5af3365683c
2009-04-16 17:13:07 +00:00 · 2009-04-16 17:13:07 +00:00 · 55791d1fe6
--- a/libssh/dh.c
+++ b/libssh/dh.c
@ -872,69 +872,99 @@ static int match(const char *group, const char *object){
  return 0;
 }
-static int sig_verify(SSH_SESSION *session, PUBLIC_KEY *pubkey, SIGNATURE *signature, 
+static int sig_verify(SSH_SESSION *session, PUBLIC_KEY *pubkey,
-        unsigned char *digest){
+    SIGNATURE *signature, unsigned char *digest) {
 #ifdef HAVE_LIBGCRYPT
-    gcry_error_t valid=0;
+  gcry_error_t valid = 0;
-    gcry_sexp_t gcryhash;
+  gcry_sexp_t gcryhash;
 #elif defined HAVE_LIBCRYPTO
-    int valid=0;
+  int valid = 0;
 #endif
-    unsigned char hash[SHA_DIGEST_LEN+1];
+  unsigned char hash[SHA_DIGEST_LEN + 1] = {0};
-    sha1(digest,SHA_DIGEST_LEN,hash+1);
+
-    hash[0]=0;
+  sha1(digest,SHA_DIGEST_LEN, hash + 1);
 #ifdef DEBUG_CRYPTO
-    ssh_print_hexa("hash to be verified with dsa",hash+1,SHA_DIGEST_LEN);
+  ssh_print_hexa("Hash to be verified with dsa", hash + 1, SHA_DIGEST_LEN);
 #endif
-    switch(pubkey->type){
+
-        case TYPE_DSS:
+  switch(pubkey->type) {
    case TYPE_DSS:
 #ifdef HAVE_LIBGCRYPT
-            gcry_sexp_build(&gcryhash, NULL, "%b", SHA_DIGEST_LEN+1, hash);
+      valid = gcry_sexp_build(&gcryhash, NULL, "%b", SHA_DIGEST_LEN + 1, hash);
-            valid=gcry_pk_verify(signature->dsa_sign,gcryhash,pubkey->dsa_pub);
+      if (valid != 0) {
-            gcry_sexp_release(gcryhash);
+        ssh_set_error(session, SSH_FATAL,
-            if(valid==0)
+            "RSA error: %s", gcry_strerror(valid));
-              return 0;
+        return -1;
-            if (gcry_err_code(valid)!=GPG_ERR_BAD_SIGNATURE){
+      }
-              ssh_set_error(session,SSH_FATAL,"DSA error : %s", gcry_strerror(valid));
+      valid = gcry_pk_verify(signature->dsa_sign, gcryhash, pubkey->dsa_pub);
      gcry_sexp_release(gcryhash);
      if (valid == 0) {
        return 0;
      }
      if (gcry_err_code(valid) != GPG_ERR_BAD_SIGNATURE) {
        ssh_set_error(session, SSH_FATAL,
            "DSA error: %s", gcry_strerror(valid));
        return -1;
      }
 #elif defined HAVE_LIBCRYPTO
-            valid=DSA_do_verify(hash+1,SHA_DIGEST_LEN,signature->dsa_sign,
+      valid = DSA_do_verify(hash + 1, SHA_DIGEST_LEN, signature->dsa_sign,
-                pubkey->dsa_pub);
+          pubkey->dsa_pub);
-            if(valid==1)
+      if (valid == 1) {
-                return 0;
+        return 0;
-            if(valid==-1){
+      }
-                ssh_set_error(session,SSH_FATAL,"DSA error : %s",ERR_error_string(ERR_get_error(),NULL));
+
      if (valid == -1) {
        ssh_set_error(session, SSH_FATAL,
            "DSA error: %s", ERR_error_string(ERR_get_error(), NULL));
        return -1;
      }
 #endif
-                return -1;
+      ssh_set_error(session, SSH_FATAL, "Invalid DSA signature");
-            }
+      return -1;
-            ssh_set_error(session,SSH_FATAL,"Invalid DSA signature");
+
-            return -1;
+    case TYPE_RSA:
-        case TYPE_RSA:
+    case TYPE_RSA1:
        case TYPE_RSA1:
 #ifdef HAVE_LIBGCRYPT
-            gcry_sexp_build(&gcryhash,NULL,"(data(flags pkcs1)(hash sha1 %b))",SHA_DIGEST_LEN,hash+1);
+      valid = gcry_sexp_build(&gcryhash, NULL,
-            valid=gcry_pk_verify(signature->rsa_sign,gcryhash,pubkey->rsa_pub);
+          "(data(flags pkcs1)(hash sha1 %b))", SHA_DIGEST_LEN, hash + 1);
-            gcry_sexp_release(gcryhash);
+      if (valid != 0) {
-            if(valid==0)
+        ssh_set_error(session, SSH_FATAL,
-              return 0;
+            "RSA error: %s", gcry_strerror(valid));
-            if(gcry_err_code(valid)!=GPG_ERR_BAD_SIGNATURE){
+        return -1;
-                ssh_set_error(session,SSH_FATAL,"RSA error : %s",gcry_strerror(valid));
+      }
      valid = gcry_pk_verify(signature->rsa_sign,gcryhash,pubkey->rsa_pub);
      gcry_sexp_release(gcryhash);
      if (valid == 0) {
        return 0;
      }
      if (gcry_err_code(valid) != GPG_ERR_BAD_SIGNATURE) {
        ssh_set_error(session, SSH_FATAL,
            "RSA error: %s", gcry_strerror(valid));
        return -1;
      }
 #elif defined HAVE_LIBCRYPTO
-            valid=RSA_verify(NID_sha1,hash+1,SHA_DIGEST_LEN,
+      valid = RSA_verify(NID_sha1, hash + 1, SHA_DIGEST_LEN,
-            signature->rsa_sign->string,string_len(signature->rsa_sign),pubkey->rsa_pub);
+          signature->rsa_sign->string, string_len(signature->rsa_sign),
-            if(valid==1)
+          pubkey->rsa_pub);
-                return 0;
+      if (valid == 1) {
-            if(valid==-1){
+        return 0;
-                ssh_set_error(session,SSH_FATAL,"RSA error : %s",ERR_error_string(ERR_get_error(),NULL));
+      }
      if (valid == -1) {
        ssh_set_error(session, SSH_FATAL,
            "RSA error: %s", ERR_error_string(ERR_get_error(), NULL));
        return -1;
      }
 #endif
-                return -1;
+      ssh_set_error(session, SSH_FATAL, "Invalid RSA signature");
-            }
+      return -1;
-            ssh_set_error(session,SSH_FATAL,"Invalid RSA signature");
+    default:
-            return -1;
+      ssh_set_error(session, SSH_FATAL, "Unknown public key type");
-       default:
+      return -1;
-            ssh_set_error(session,SSH_FATAL,"Unknown public key type");
+  }
-            return -1;
+
-   }
+  return -1;
 return -1;
 }
 int signature_verify(SSH_SESSION *session,STRING *signature){