comparison signkey.c @ 1511:5916af64acd4 fuzz

merge from main
author Matt Johnston <matt@ucc.asn.au>
date Sat, 17 Feb 2018 19:29:51 +0800
parents 69862e8cc405 2d450c1056e3
children 2f64cb3d3007
1457:32f990cc96b1 1511:5916af64acd4
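--- a/signkey.c
+++ b/signkey.c
@@ -76,17 +76,17 @@
 && memcmp(fixed_name, name, namelen) == 0) {
 
 #if DROPBEAR_ECDSA
 /* Some of the ECDSA key sizes are defined even if they're not compiled in */
 if (0
-#ifndef DROPBEAR_ECC_256
+#if !DROPBEAR_ECC_256
 || i == DROPBEAR_SIGNKEY_ECDSA_NISTP256
 #endif
-#ifndef DROPBEAR_ECC_384
+#if !DROPBEAR_ECC_384
 || i == DROPBEAR_SIGNKEY_ECDSA_NISTP384
 #endif
-#ifndef DROPBEAR_ECC_521
+#if !DROPBEAR_ECC_521
 || i == DROPBEAR_SIGNKEY_ECDSA_NISTP521
 #endif
 ) {
 TRACE(("attempt to use ecdsa type %d not compiled in", i))
 return DROPBEAR_SIGNKEY_NONE;
@@ -398,11 +398,11 @@
 }
 
 /* Since we're not sure if we'll have md5 or sha1, we present both.
 * MD5 is used in preference, but sha1 could still be useful */
 #if DROPBEAR_MD5_HMAC
-static char * sign_key_md5_fingerprint(unsigned char* keyblob,
+static char * sign_key_md5_fingerprint(const unsigned char* keyblob,
 unsigned int keybloblen) {
 
 char * ret;
 hash_state hs;
 unsigned char hash[MD5_HASH_SIZE];
@@ -433,11 +433,11 @@
 
 return ret;
 }
 
 #else /* use SHA1 rather than MD5 for fingerprint */
-static char * sign_key_sha1_fingerprint(unsigned char* keyblob,
+static char * sign_key_sha1_fingerprint(const unsigned char* keyblob,
 unsigned int keybloblen) {
 
 char * ret;
 hash_state hs;
 unsigned char hash[SHA1_HASH_SIZE];
@@ -470,21 +470,21 @@
 
 #endif /* MD5/SHA1 switch */
 
 /* This will return a freshly malloced string, containing a fingerprint
 * in either sha1 or md5 */
-char * sign_key_fingerprint(unsigned char* keyblob, unsigned int keybloblen) {
+char * sign_key_fingerprint(const unsigned char* keyblob, unsigned int keybloblen) {
 
 #if DROPBEAR_MD5_HMAC
 return sign_key_md5_fingerprint(keyblob, keybloblen);
 #else
 return sign_key_sha1_fingerprint(keyblob, keybloblen);
 #endif
 }
 
 void buf_put_sign(buffer* buf, sign_key *key, enum signkey_type type,
-buffer *data_buf) {
+const buffer *data_buf) {
 buffer *sigblob;
 sigblob = buf_new(MAX_PUBKEY_SIZE);
 
 #if DROPBEAR_DSS
 if (type == DROPBEAR_SIGNKEY_DSS) {
@@ -515,11 +515,11 @@
 #if DROPBEAR_SIGNKEY_VERIFY
 /* Return DROPBEAR_SUCCESS or DROPBEAR_FAILURE.
 * If FAILURE is returned, the position of
 * buf is undefined. If SUCCESS is returned, buf will be positioned after the
 * signature blob */
-int buf_verify(buffer * buf, sign_key *key, buffer *data_buf) {
+int buf_verify(buffer * buf, sign_key *key, const buffer *data_buf) {
 
 char *type_name = NULL;
 unsigned int type_name_len = 0;
 enum signkey_type type;
 
@@ -568,11 +568,11 @@
 * base64 data, and contains no trailing data */
 /* If fingerprint is non-NULL, it will be set to a malloc()ed fingerprint
 of the key if it is successfully decoded */
 int cmp_base64_key(const unsigned char* keyblob, unsigned int keybloblen,
 const unsigned char* algoname, unsigned int algolen,
-buffer * line, char ** fingerprint) {
+const buffer * line, char ** fingerprint) {
 
 buffer * decodekey = NULL;
 int ret = DROPBEAR_FAILURE;
 unsigned int len, filealgolen;
 unsigned long decodekeylen;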
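Review bot: The comment at lines 400-401 above `sign_key_md5_fingerprint` says both MD5 and SHA1 fingerprints are presented, but the `#if DROPBEAR_MD5_HMAC` / `#else` at 402/437 and again in `sign_key_fingerprint` (477-481) compile exactly one of the two helpers, and the const-qualification on these signatures leaves that comment stale. Because this string is what a person compares when verifying a key, the comment should say which hash is emitted, for example `/* The fingerprint is MD5 when DROPBEAR_MD5_HMAC is enabled, otherwise SHA1; only one variant is compiled in */`. The selection is also driven by an option named for HMAC rather than by a fingerprint-specific setting; that coupling looks accidental but cannot be confirmed from the lines shown, so it is worth a one-line why-comment next to the `#if`. The bodies of both fingerprint helpers lie outside the displayed context.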