- djm@cvs.openbsd.org 2013/12/27 22:30:17
     [ssh-dss.c ssh-ecdsa.c ssh-rsa.c]
     make the original RSA and DSA signing/verification code look more like
     the ECDSA/Ed25519 ones: use key_type_plain() when checking the key type
     rather than tediously listing all variants, use __func__ for debug/
     error messages
diff --git a/ssh-dss.c b/ssh-dss.c
index 322ec9f..a6292aa 100644
--- a/ssh-dss.c
+++ b/ssh-dss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-dss.c,v 1.28 2013/05/17 00:13:14 djm Exp $ */
+/* $OpenBSD: ssh-dss.c,v 1.29 2013/12/27 22:30:17 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -53,11 +53,12 @@
 	u_int rlen, slen, len, dlen;
 	Buffer b;
 
-	if (key == NULL || key->dsa == NULL || (key->type != KEY_DSA &&
-	    key->type != KEY_DSA_CERT && key->type != KEY_DSA_CERT_V00)) {
-		error("ssh_dss_sign: no DSA key");
+	if (key == NULL || key_type_plain(key->type) != KEY_DSA ||
+	    key->dsa == NULL) {
+		error("%s: no DSA key", __func__);
 		return -1;
 	}
+
 	EVP_DigestInit(&md, evp_md);
 	EVP_DigestUpdate(&md, data, datalen);
 	EVP_DigestFinal(&md, digest, &dlen);
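Review bot: The three EVP_Digest* calls directly after the reworked key check ignore their return values, so a digest failure would let signing continue with `dlen` (declared without an initialiser in the hunk's first context line) never written. Each call should be compared against 1 and the function should return -1 on failure, for example `if (EVP_DigestInit(&md, evp_md) != 1) { error("%s: EVP_DigestInit failed", __func__); return -1; }`, with the same pattern for the update and final steps. The later use of the digest and `dlen` is outside this hunk, so the impact is inferred rather than visible. ssh_dss_sign's body starts and ends outside the hunk.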
@@ -117,9 +118,9 @@
 	int rlen, ret;
 	Buffer b;
 
-	if (key == NULL || key->dsa == NULL || (key->type != KEY_DSA &&
-	    key->type != KEY_DSA_CERT && key->type != KEY_DSA_CERT_V00)) {
-		error("ssh_dss_verify: no DSA key");
+	if (key == NULL || key_type_plain(key->type) != KEY_DSA ||
+	    key->dsa == NULL) {
+		error("%s: no DSA key", __func__);
 		return -1;
 	}
 
@@ -135,7 +136,7 @@
 		buffer_append(&b, signature, signaturelen);
 		ktype = buffer_get_cstring(&b, NULL);
 		if (strcmp("ssh-dss", ktype) != 0) {
-			error("ssh_dss_verify: cannot handle type %s", ktype);
+			error("%s: cannot handle type %s", __func__, ktype);
 			buffer_free(&b);
 			free(ktype);
 			return -1;
@@ -145,8 +146,8 @@
 		rlen = buffer_len(&b);
 		buffer_free(&b);
 		if (rlen != 0) {
-			error("ssh_dss_verify: "
-			    "remaining bytes in signature %d", rlen);
+			error("%s: remaining bytes in signature %d",
+			    __func__, rlen);
 			free(sigblob);
 			return -1;
 		}
@@ -158,14 +159,14 @@
 
 	/* parse signature */
 	if ((sig = DSA_SIG_new()) == NULL)
-		fatal("ssh_dss_verify: DSA_SIG_new failed");
+		fatal("%s: DSA_SIG_new failed", __func__);
 	if ((sig->r = BN_new()) == NULL)
-		fatal("ssh_dss_verify: BN_new failed");
+		fatal("%s: BN_new failed", __func__);
 	if ((sig->s = BN_new()) == NULL)
 		fatal("ssh_dss_verify: BN_new failed");
 	if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) ||
 	    (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL))
-		fatal("ssh_dss_verify: BN_bin2bn failed");
+		fatal("%s: BN_bin2bn failed", __func__);
 
 	/* clean up */
 	memset(sigblob, 0, len);
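Review bot: The failure path for the `sig->s` allocation still reads `fatal("ssh_dss_verify: BN_new failed");`, so the conversion to `__func__` is incomplete in this hunk. It should become `fatal("%s: BN_new failed", __func__);` to match the `sig->r` case two lines above. Separately, the `memset(sigblob, 0, len);` under `/* clean up */` is a plain memset, which a compiler may remove if the buffer is freed straight afterwards. If the wipe is intended to be reliable, `explicit_bzero(sigblob, len);` preserves it. The free of `sigblob` lies outside the hunk, so that second point is an inference to confirm.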
@@ -181,7 +182,7 @@
 
 	DSA_SIG_free(sig);
 
-	debug("ssh_dss_verify: signature %s",
+	debug("%s: signature %s", __func__,
 	    ret == 1 ? "correct" : ret == 0 ? "incorrect" : "error");
 	return ret;
 }
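Review bot: The value returned at the end of ssh_dss_verify is tri-state, and nothing visible documents that for callers: the debug line distinguishes 1 (correct), 0 (incorrect) and anything else (error), and the early exits in the hunks above return -1. A caller that tests the result for truthiness would accept an error as a valid signature. A comment above the function would help, such as `/* returns 1 if the signature is valid, 0 if it is invalid, -1 on error; callers must compare against 1 */`. Where `ret` is assigned is outside this hunk, so the exact error value on that path should be confirmed. The function starts outside the hunk.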