87 lines
2.6 KiB
Diff
87 lines
2.6 KiB
Diff
diff --color -ru ../libssh-0.9.6/src/pki_crypto.c ./src/pki_crypto.c
|
|
--- ../libssh-0.9.6/src/pki_crypto.c 2023-04-27 12:59:08.463259052 +0200
|
|
+++ ./src/pki_crypto.c 2023-04-27 13:05:24.020610873 +0200
|
|
@@ -2291,8 +2291,12 @@
|
|
unsigned char *raw_sig_data = NULL;
|
|
unsigned int raw_sig_len;
|
|
|
|
+ /* Function return code
|
|
+ * Do not change this variable throughout the function until the signature
|
|
+ * is successfully verified!
|
|
+ */
|
|
int rc = SSH_ERROR;
|
|
- int evp_rc;
|
|
+ int ok;
|
|
|
|
if (pubkey == NULL || ssh_key_is_private(pubkey) || input == NULL ||
|
|
signature == NULL || (signature->raw_sig == NULL
|
|
@@ -2307,8 +2311,8 @@
|
|
}
|
|
|
|
/* Check if public key and hash type are compatible */
|
|
- rc = pki_key_check_hash_compatible(pubkey, signature->hash_type);
|
|
- if (rc != SSH_OK) {
|
|
+ ok = pki_key_check_hash_compatible(pubkey, signature->hash_type);
|
|
+ if (ok != SSH_OK) {
|
|
return SSH_ERROR;
|
|
}
|
|
|
|
@@ -2351,8 +2355,8 @@
|
|
}
|
|
|
|
/* Verify the signature */
|
|
- evp_rc = EVP_DigestVerifyInit(ctx, NULL, md, NULL, pkey);
|
|
- if (evp_rc != 1){
|
|
+ ok = EVP_DigestVerifyInit(ctx, NULL, md, NULL, pkey);
|
|
+ if (ok != 1){
|
|
SSH_LOG(SSH_LOG_TRACE,
|
|
"EVP_DigestVerifyInit() failed: %s",
|
|
ERR_error_string(ERR_get_error(), NULL));
|
|
@@ -2360,35 +2364,31 @@
|
|
}
|
|
|
|
#ifdef HAVE_OPENSSL_EVP_DIGESTVERIFY
|
|
- evp_rc = EVP_DigestVerify(ctx, raw_sig_data, raw_sig_len, input, input_len);
|
|
+ ok = EVP_DigestVerify(ctx, raw_sig_data, raw_sig_len, input, input_len);
|
|
#else
|
|
- evp_rc = EVP_DigestVerifyUpdate(ctx, input, input_len);
|
|
- if (evp_rc != 1) {
|
|
+ ok = EVP_DigestVerifyUpdate(ctx, input, input_len);
|
|
+ if (ok != 1) {
|
|
SSH_LOG(SSH_LOG_TRACE,
|
|
"EVP_DigestVerifyUpdate() failed: %s",
|
|
ERR_error_string(ERR_get_error(), NULL));
|
|
goto out;
|
|
}
|
|
|
|
- evp_rc = EVP_DigestVerifyFinal(ctx, raw_sig_data, raw_sig_len);
|
|
+ ok = EVP_DigestVerifyFinal(ctx, raw_sig_data, raw_sig_len);
|
|
#endif
|
|
- if (evp_rc == 1) {
|
|
- SSH_LOG(SSH_LOG_TRACE, "Signature valid");
|
|
- rc = SSH_OK;
|
|
- } else {
|
|
+ if (ok != 1) {
|
|
SSH_LOG(SSH_LOG_TRACE,
|
|
"Signature invalid: %s",
|
|
ERR_error_string(ERR_get_error(), NULL));
|
|
- rc = SSH_ERROR;
|
|
+ goto out;
|
|
}
|
|
|
|
+ SSH_LOG(SSH_LOG_TRACE, "Signature valid");
|
|
+ rc = SSH_OK;
|
|
+
|
|
out:
|
|
- if (ctx != NULL) {
|
|
- EVP_MD_CTX_free(ctx);
|
|
- }
|
|
- if (pkey != NULL) {
|
|
- EVP_PKEY_free(pkey);
|
|
- }
|
|
+ EVP_MD_CTX_free(ctx);
|
|
+ EVP_PKEY_free(pkey);
|
|
return rc;
|
|
}
|
|
|