Feature an optional crypto-specific macro to rsa sign a data fragment vector

OS/400 crypto library is unable to sign a precomputed SHA1 hash: however it does support a procedure that hashes data fragments and rsa signs. If defined, the new macro _libssh2_rsa_sha1_signv() implements this function and disables use of _libssh2_rsa_sha1_sign(). The function described above requires that the struct iovec unused slacks are cleared: for this reason, macro libssh2_prepare_iovec() has been introduced. It should be defined as empty for crypto backends that are not sensitive to struct iovec unused slack values.
2015-11-18 18:28:54 +01:00 · 2015-11-18 18:28:54 +01:00 · f915a31a4d
commit f915a31a4d
parent 0fbf8f3c7e
5 changed files with 15 additions and 0 deletions
--- a/src/hostkey.c
+++ b/src/hostkey.c
@ -200,6 +200,11 @@ hostkey_method_ssh_rsa_signv(LIBSSH2_SESSION * session,
                             void **abstract)
 {
    libssh2_rsa_ctx *rsactx = (libssh2_rsa_ctx *) (*abstract);
+
+#ifdef _libssh2_rsa_sha1_signv
+    return _libssh2_rsa_sha1_signv(session, signature, signature_len,
+                                   veccount, datavec, rsactx);
+#else
    int ret;
    int i;
    unsigned char hash[SHA_DIGEST_LENGTH];
@ -218,6 +223,7 @@ hostkey_method_ssh_rsa_signv(LIBSSH2_SESSION * session,
    }

    return 0;
+#endif
 }

 /*
--- a/src/libgcrypt.h
+++ b/src/libgcrypt.h
@ -62,6 +62,8 @@
 #define _libssh2_random(buf, len)                \
  (gcry_randomize ((buf), (len), GCRY_STRONG_RANDOM), 1)

+#define libssh2_prepare_iovec(vec, len)  /* Empty. */
+
 #define libssh2_sha1_ctx gcry_md_hd_t

 /* returns 0 in case of failure */
--- a/src/openssl.h
+++ b/src/openssl.h
@ -114,6 +114,8 @@

 #define _libssh2_random(buf, len) RAND_bytes ((buf), (len))

+#define libssh2_prepare_iovec(vec, len)  /* Empty. */
+
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
 #define libssh2_sha1_ctx EVP_MD_CTX *
 #else
--- a/src/userauth.c
+++ b/src/userauth.c
@ -716,6 +716,7 @@ sign_frommemory(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len,
    if(rc)
        return rc;

+    libssh2_prepare_iovec(&datavec, 1);
    datavec.iov_base = (void *)data;
    datavec.iov_len  = data_len;

@ -751,6 +752,7 @@ sign_fromfile(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len,
    if(rc)
        return rc;

+    libssh2_prepare_iovec(&datavec, 1);
    datavec.iov_base = (void *)data;
    datavec.iov_len  = data_len;

@ -873,6 +875,7 @@ userauth_hostbased_fromfile(LIBSSH2_SESSION *session,
        }

        _libssh2_htonu32(buf, session->session_id_len);
+        libssh2_prepare_iovec(datavec, 4);
        datavec[0].iov_base = (void *)buf;
        datavec[0].iov_len = 4;
        datavec[1].iov_base = (void *)session->session_id;
--- a/src/wincng.h
+++ b/src/wincng.h
@ -111,6 +111,8 @@ void _libssh2_wincng_free(void);
 #define _libssh2_random(buf, len) \
  _libssh2_wincng_random(buf, len)

+#define libssh2_prepare_iovec(vec, len)  /* Empty. */
+

 /*******************************************************************/
 /*