From f915a31a4de81b35f83683594a22a1f453385a5d Mon Sep 17 00:00:00 2001 From: Patrick Monnerat Date: Wed, 18 Nov 2015 18:28:54 +0100 Subject: [PATCH] Feature an optional crypto-specific macro to rsa sign a data fragment vector OS/400 crypto library is unable to sign a precomputed SHA1 hash: however it does support a procedure that hashes data fragments and rsa signs. If defined, the new macro _libssh2_rsa_sha1_signv() implements this function and disables use of _libssh2_rsa_sha1_sign(). The function described above requires that the struct iovec unused slacks are cleared: for this reason, macro libssh2_prepare_iovec() has been introduced. It should be defined as empty for crypto backends that are not sensitive to struct iovec unused slack values. --- src/hostkey.c | 6 ++++++ src/libgcrypt.h | 2 ++ src/openssl.h | 2 ++ src/userauth.c | 3 +++ src/wincng.h | 2 ++ 5 files changed, 15 insertions(+) diff --git a/src/hostkey.c b/src/hostkey.c index 36225ec..2a0a8f9 100644 --- a/src/hostkey.c +++ b/src/hostkey.c @@ -200,6 +200,11 @@ hostkey_method_ssh_rsa_signv(LIBSSH2_SESSION * session, void **abstract) { libssh2_rsa_ctx *rsactx = (libssh2_rsa_ctx *) (*abstract); + +#ifdef _libssh2_rsa_sha1_signv + return _libssh2_rsa_sha1_signv(session, signature, signature_len, + veccount, datavec, rsactx); +#else int ret; int i; unsigned char hash[SHA_DIGEST_LENGTH]; @@ -218,6 +223,7 @@ hostkey_method_ssh_rsa_signv(LIBSSH2_SESSION * session, } return 0; +#endif } /* diff --git a/src/libgcrypt.h b/src/libgcrypt.h index 20062ed..11d6ad2 100644 --- a/src/libgcrypt.h +++ b/src/libgcrypt.h @@ -62,6 +62,8 @@ #define _libssh2_random(buf, len) \ (gcry_randomize ((buf), (len), GCRY_STRONG_RANDOM), 1) +#define libssh2_prepare_iovec(vec, len) /* Empty. */ + #define libssh2_sha1_ctx gcry_md_hd_t /* returns 0 in case of failure */ diff --git a/src/openssl.h b/src/openssl.h index d2adbdf..4b2e3d3 100644 --- a/src/openssl.h +++ b/src/openssl.h @@ -114,6 +114,8 @@ #define _libssh2_random(buf, len) RAND_bytes ((buf), (len)) +#define libssh2_prepare_iovec(vec, len) /* Empty. */ + #if OPENSSL_VERSION_NUMBER >= 0x10100000L #define libssh2_sha1_ctx EVP_MD_CTX * #else diff --git a/src/userauth.c b/src/userauth.c index 67bb9d2..cdfa25e 100644 --- a/src/userauth.c +++ b/src/userauth.c @@ -716,6 +716,7 @@ sign_frommemory(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len, if(rc) return rc; + libssh2_prepare_iovec(&datavec, 1); datavec.iov_base = (void *)data; datavec.iov_len = data_len; @@ -751,6 +752,7 @@ sign_fromfile(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len, if(rc) return rc; + libssh2_prepare_iovec(&datavec, 1); datavec.iov_base = (void *)data; datavec.iov_len = data_len; @@ -873,6 +875,7 @@ userauth_hostbased_fromfile(LIBSSH2_SESSION *session, } _libssh2_htonu32(buf, session->session_id_len); + libssh2_prepare_iovec(datavec, 4); datavec[0].iov_base = (void *)buf; datavec[0].iov_len = 4; datavec[1].iov_base = (void *)session->session_id; diff --git a/src/wincng.h b/src/wincng.h index 6e204f4..5219db7 100755 --- a/src/wincng.h +++ b/src/wincng.h @@ -111,6 +111,8 @@ void _libssh2_wincng_free(void); #define _libssh2_random(buf, len) \ _libssh2_wincng_random(buf, len) +#define libssh2_prepare_iovec(vec, len) /* Empty. */ + /*******************************************************************/ /*