Subversion Repositories lsh

Compare Revisions

Ignore whitespace Rev 80 → Rev 81

/trunk/debian/control
5,7 → 5,7
Uploaders: Stefan Pfetzing <dreamind@dreamind.de>
Standards-Version: 3.9.1
Build-Depends: cdbs, debhelper (>= 7), dh-autoreconf, automake,
libgmp10-dev, zlib1g-dev | libz-dev, liboop-dev, libxau-dev, nettle-dev, nettle-bin,
libgmp10-dev, zlib1g-dev | libz-dev, liboop-dev, libxau-dev, nettle-dev (>= 2.1), nettle-bin,
texinfo (>= 4.2), guile-1.6 | scsh-0.6, heimdal-dev, libwrap0-dev | libwrap-dev,
libpam0g-dev | libpam-dev, libreadline-dev, m4
Homepage: http://www.lysator.liu.se/~nisse/lsh/
/trunk/debian/patches/nettle-2.1.patch
0,0 → 1,133
Author: Magnus Holmgren <holmgren@debian.org>
Description: Adapt to Nettle 2.1
 
--- a/src/spki/verify.c
+++ b/src/spki/verify.c
@@ -75,11 +75,11 @@ spki_verify_dsa(const uint8_t *digest,
dsa_signature_init(&rs);
res = (dsa_keypair_from_sexp_alist(&dsa, NULL,
- RSA_KEYSIZE_LIMIT, &key->sexp)
+ RSA_KEYSIZE_LIMIT, DSA_SHA1_Q_BITS, &key->sexp)
&& spki_parse_type(key)
- && dsa_signature_from_sexp(&rs, &signature->sexp)
+ && dsa_signature_from_sexp(&rs, &signature->sexp, DSA_SHA1_Q_BITS)
&& spki_parse_type(signature)
- && dsa_verify_digest(&dsa, digest, &rs));
+ && dsa_sha1_verify_digest(&dsa, digest, &rs));
dsa_signature_clear(&rs);
dsa_public_key_clear(&dsa);
--- a/src/dsa.c
+++ b/src/dsa.c
@@ -118,7 +118,7 @@ do_dsa_verify(struct verifier *c, int al
&& (atom == ATOM_SSH_DSS)
&& parse_string(&buffer, &buf_length, &buf)
&& !(buf_length % 2)
- && (buf_length <= (2 * DSA_Q_OCTETS))
+ && (buf_length <= (2 * DSA_SHA1_Q_OCTETS))
&& parse_eod(&buffer)))
goto fail;
@@ -143,8 +143,8 @@ do_dsa_verify(struct verifier *c, int al
if (! (sexp_iterator_first(&i, signature_length, signature_data)
&& sexp_iterator_enter_list(&i)
&& sexp_iterator_assoc(&i, 2, names, values)
- && nettle_mpz_set_sexp(sv.r, DSA_Q_BITS, &values[0])
- && nettle_mpz_set_sexp(sv.s, DSA_Q_BITS, &values[1])) )
+ && nettle_mpz_set_sexp(sv.r, DSA_SHA1_Q_BITS, &values[0])
+ && nettle_mpz_set_sexp(sv.s, DSA_SHA1_Q_BITS, &values[1])) )
goto fail;
break;
@@ -156,7 +156,7 @@ do_dsa_verify(struct verifier *c, int al
sha1_init(&hash);
sha1_update(&hash, length, msg);
- res = dsa_verify(&self->key, &hash, &sv);
+ res = dsa_sha1_verify(&self->key, &hash, &sv);
fail:
dsa_signature_clear(&sv);
@@ -212,7 +212,7 @@ parse_ssh_dss_public(struct simple_buffe
if (parse_bignum(buffer, res->key.p, DSA_MAX_OCTETS)
&& (mpz_sgn(res->key.p) == 1)
- && parse_bignum(buffer, res->key.q, DSA_Q_OCTETS)
+ && parse_bignum(buffer, res->key.q, DSA_SHA1_Q_OCTETS)
&& (mpz_sgn(res->key.q) == 1)
&& (mpz_cmp(res->key.q, res->key.p) < 0) /* q < p */
&& parse_bignum(buffer, res->key.g, DSA_MAX_OCTETS)
@@ -269,7 +269,7 @@ do_dsa_sign(struct signer *c,
dsa_signature_init(&sv);
sha1_init(&hash);
sha1_update(&hash, msg_length, msg);
- dsa_sign(&self->verifier->key, &self->key,
+ dsa_sha1_sign(&self->verifier->key, &self->key,
self->random, lsh_random, &hash, &sv);
debug("do_dsa_sign: r = %xn, s = %xn\n", sv.r, sv.s);
@@ -323,7 +323,7 @@ make_dsa_verifier(struct signature_algor
NEW(dsa_verifier, res);
init_dsa_verifier(res);
- if (dsa_keypair_from_sexp_alist(&res->key, NULL, DSA_MAX_BITS, i))
+ if (dsa_keypair_from_sexp_alist(&res->key, NULL, DSA_MAX_BITS, DSA_SHA1_Q_BITS, i))
return &res->super;
KILL(res);
@@ -342,7 +342,7 @@ make_dsa_signer(struct signature_algorit
dsa_private_key_init(&res->key);
- if (dsa_keypair_from_sexp_alist(&verifier->key, &res->key, DSA_MAX_BITS, i))
+ if (dsa_keypair_from_sexp_alist(&verifier->key, &res->key, DSA_MAX_BITS, DSA_SHA1_Q_BITS, i))
{
res->random = self->random;
res->verifier = verifier;
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -251,10 +251,6 @@ make_des3_cbc_instance(struct crypto_alg
const uint8_t *key, const uint8_t *iv)
{
NEW(des3_instance, self);
- uint8_t pkey[DES3_KEY_SIZE];
-
- /* Fix odd parity */
- des_fix_parity(DES3_KEY_SIZE, pkey, key);
self->super.block_size = DES3_BLOCK_SIZE;
self->super.crypt = ( (mode == CRYPTO_ENCRYPT)
@@ -263,19 +259,13 @@ make_des3_cbc_instance(struct crypto_alg
CBC_SET_IV(&self->ctx, iv);
- if (des3_set_key(&self->ctx.ctx, pkey))
+ if (des3_set_key(&self->ctx.ctx, key))
return(&self->super);
-
- switch(self->ctx.ctx.status)
+ else
{
- case DES_BAD_PARITY:
- fatal("Internal error! Bad parity in make_des3_instance.\n");
- case DES_WEAK_KEY:
werror("Detected weak DES key.\n");
KILL(self);
return NULL;
- default:
- fatal("Internal error!\n");
}
}
--- a/src/lsh-keygen.c
+++ b/src/lsh-keygen.c
@@ -217,7 +217,7 @@ dsa_generate_key(struct randomness *r, u
if (dsa_generate_keypair(&public, &private,
r, lsh_random,
NULL, progress,
- 512 + 64 * level))
+ 512 + 64 * level, DSA_SHA1_Q_BITS))
{
key =
lsh_string_format_sexp(0,
/trunk/debian/patches/series
2,6 → 2,7
sftp-server-mansection.patch
better-errmsg-when-dotlsh-missing.patch
nettle-2.0.patch
nettle-2.1.patch
blacklist.patch
terminate-on-connection-failure.patch
ipv6-v6only.patch
/trunk/debian/changelog
14,8 → 14,9
* blacklist.patch: Don't reject when blacklisted_key() returns -1,
indicating no blacklist file for the key type and/or size in question
exists.
* nettle-2.1.patch (new): Build with Nettle 2.1.
 
-- Magnus Holmgren <holmgren@debian.org> Sat, 19 Mar 2011 20:52:08 +0100
-- Magnus Holmgren <holmgren@debian.org> Sat, 19 Mar 2011 20:53:55 +0100
 
lsh-utils (2.0.4-dfsg-7) unstable; urgency=low