0,0 → 1,133 |
Author: Magnus Holmgren <holmgren@debian.org> |
Description: Adapt to Nettle 2.1 |
|
--- a/src/spki/verify.c |
+++ b/src/spki/verify.c |
@@ -75,11 +75,11 @@ spki_verify_dsa(const uint8_t *digest, |
dsa_signature_init(&rs); |
|
res = (dsa_keypair_from_sexp_alist(&dsa, NULL, |
- RSA_KEYSIZE_LIMIT, &key->sexp) |
+ RSA_KEYSIZE_LIMIT, DSA_SHA1_Q_BITS, &key->sexp) |
&& spki_parse_type(key) |
- && dsa_signature_from_sexp(&rs, &signature->sexp) |
+ && dsa_signature_from_sexp(&rs, &signature->sexp, DSA_SHA1_Q_BITS) |
&& spki_parse_type(signature) |
- && dsa_verify_digest(&dsa, digest, &rs)); |
+ && dsa_sha1_verify_digest(&dsa, digest, &rs)); |
|
dsa_signature_clear(&rs); |
dsa_public_key_clear(&dsa); |
--- a/src/dsa.c |
+++ b/src/dsa.c |
@@ -118,7 +118,7 @@ do_dsa_verify(struct verifier *c, int al |
&& (atom == ATOM_SSH_DSS) |
&& parse_string(&buffer, &buf_length, &buf) |
&& !(buf_length % 2) |
- && (buf_length <= (2 * DSA_Q_OCTETS)) |
+ && (buf_length <= (2 * DSA_SHA1_Q_OCTETS)) |
&& parse_eod(&buffer))) |
goto fail; |
|
@@ -143,8 +143,8 @@ do_dsa_verify(struct verifier *c, int al |
if (! (sexp_iterator_first(&i, signature_length, signature_data) |
&& sexp_iterator_enter_list(&i) |
&& sexp_iterator_assoc(&i, 2, names, values) |
- && nettle_mpz_set_sexp(sv.r, DSA_Q_BITS, &values[0]) |
- && nettle_mpz_set_sexp(sv.s, DSA_Q_BITS, &values[1])) ) |
+ && nettle_mpz_set_sexp(sv.r, DSA_SHA1_Q_BITS, &values[0]) |
+ && nettle_mpz_set_sexp(sv.s, DSA_SHA1_Q_BITS, &values[1])) ) |
goto fail; |
|
break; |
@@ -156,7 +156,7 @@ do_dsa_verify(struct verifier *c, int al |
sha1_init(&hash); |
sha1_update(&hash, length, msg); |
|
- res = dsa_verify(&self->key, &hash, &sv); |
+ res = dsa_sha1_verify(&self->key, &hash, &sv); |
fail: |
|
dsa_signature_clear(&sv); |
@@ -212,7 +212,7 @@ parse_ssh_dss_public(struct simple_buffe |
|
if (parse_bignum(buffer, res->key.p, DSA_MAX_OCTETS) |
&& (mpz_sgn(res->key.p) == 1) |
- && parse_bignum(buffer, res->key.q, DSA_Q_OCTETS) |
+ && parse_bignum(buffer, res->key.q, DSA_SHA1_Q_OCTETS) |
&& (mpz_sgn(res->key.q) == 1) |
&& (mpz_cmp(res->key.q, res->key.p) < 0) /* q < p */ |
&& parse_bignum(buffer, res->key.g, DSA_MAX_OCTETS) |
@@ -269,7 +269,7 @@ do_dsa_sign(struct signer *c, |
dsa_signature_init(&sv); |
sha1_init(&hash); |
sha1_update(&hash, msg_length, msg); |
- dsa_sign(&self->verifier->key, &self->key, |
+ dsa_sha1_sign(&self->verifier->key, &self->key, |
self->random, lsh_random, &hash, &sv); |
|
debug("do_dsa_sign: r = %xn, s = %xn\n", sv.r, sv.s); |
@@ -323,7 +323,7 @@ make_dsa_verifier(struct signature_algor |
NEW(dsa_verifier, res); |
init_dsa_verifier(res); |
|
- if (dsa_keypair_from_sexp_alist(&res->key, NULL, DSA_MAX_BITS, i)) |
+ if (dsa_keypair_from_sexp_alist(&res->key, NULL, DSA_MAX_BITS, DSA_SHA1_Q_BITS, i)) |
return &res->super; |
|
KILL(res); |
@@ -342,7 +342,7 @@ make_dsa_signer(struct signature_algorit |
|
dsa_private_key_init(&res->key); |
|
- if (dsa_keypair_from_sexp_alist(&verifier->key, &res->key, DSA_MAX_BITS, i)) |
+ if (dsa_keypair_from_sexp_alist(&verifier->key, &res->key, DSA_MAX_BITS, DSA_SHA1_Q_BITS, i)) |
{ |
res->random = self->random; |
res->verifier = verifier; |
--- a/src/crypto.c |
+++ b/src/crypto.c |
@@ -251,10 +251,6 @@ make_des3_cbc_instance(struct crypto_alg |
const uint8_t *key, const uint8_t *iv) |
{ |
NEW(des3_instance, self); |
- uint8_t pkey[DES3_KEY_SIZE]; |
- |
- /* Fix odd parity */ |
- des_fix_parity(DES3_KEY_SIZE, pkey, key); |
|
self->super.block_size = DES3_BLOCK_SIZE; |
self->super.crypt = ( (mode == CRYPTO_ENCRYPT) |
@@ -263,19 +259,13 @@ make_des3_cbc_instance(struct crypto_alg |
|
CBC_SET_IV(&self->ctx, iv); |
|
- if (des3_set_key(&self->ctx.ctx, pkey)) |
+ if (des3_set_key(&self->ctx.ctx, key)) |
return(&self->super); |
- |
- switch(self->ctx.ctx.status) |
+ else |
{ |
- case DES_BAD_PARITY: |
- fatal("Internal error! Bad parity in make_des3_instance.\n"); |
- case DES_WEAK_KEY: |
werror("Detected weak DES key.\n"); |
KILL(self); |
return NULL; |
- default: |
- fatal("Internal error!\n"); |
} |
} |
|
--- a/src/lsh-keygen.c |
+++ b/src/lsh-keygen.c |
@@ -217,7 +217,7 @@ dsa_generate_key(struct randomness *r, u |
if (dsa_generate_keypair(&public, &private, |
r, lsh_random, |
NULL, progress, |
- 512 + 64 * level)) |
+ 512 + 64 * level, DSA_SHA1_Q_BITS)) |
{ |
key = |
lsh_string_format_sexp(0, |