Compare commits
3 Commits
Author | SHA1 | Date | |
---|---|---|---|
|
32e3e678ae | ||
|
82ab9ccf97 | ||
|
51e6730d6c |
0
.cvsignore → .gitignore
vendored
0
.cvsignore → .gitignore
vendored
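--- a/Makefile
+++ b/Makefile
@@ -1,21 +0,0 @@
-# Makefile for source rpm: libssh2
-# $Id: Makefile,v 1.1 2007/11/27 20:15:45 kevin Exp $
-NAME := libssh2
-SPECFILE = $(firstword $(wildcard *.spec))
-
-define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
-endef
-
-MAKEFILE_COMMON := $(shell $(find-makefile-common))
-
-ifeq ($(MAKEFILE_COMMON),)
-# attept a checkout
-define checkout-makefile-common
-test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
-endef
-
-MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
-endif
-
-include $(MAKEFILE_COMMON)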
@ -1,117 +0,0 @@
|
|||||||
commit 1aba38cd7d2658146675ce1737e5090f879f3068
|
|
||||||
Author: Peter Stuge <peter@stuge.se>
|
|
||||||
Date: Sun Dec 6 07:20:58 2009 +0100
|
|
||||||
|
|
||||||
Fix padding in ssh-dss signature blob encoding
|
|
||||||
|
|
||||||
DSA signatures consist of two 160-bit integers called r and s. In ssh-dss
|
|
||||||
signature blobs r and s are stored directly after each other in binary
|
|
||||||
representation, making up a 320-bit (40 byte) string. (See RFC4253 p14.)
|
|
||||||
|
|
||||||
The crypto wrappers in libssh2 would either pack r and s incorrectly, or
|
|
||||||
fail, when at least one integer was small enough to be stored in 19 bytes
|
|
||||||
or less.
|
|
||||||
|
|
||||||
The patch ensures that r and s are always stored as two 160 bit numbers.
|
|
||||||
|
|
||||||
diff --git a/src/libgcrypt.c b/src/libgcrypt.c
|
|
||||||
index ba00284..b06be42 100644
|
|
||||||
--- a/src/libgcrypt.c
|
|
||||||
+++ b/src/libgcrypt.c
|
|
||||||
@@ -424,6 +424,8 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ memset(sig, 0, 40);
|
|
||||||
+
|
|
||||||
/* Extract R. */
|
|
||||||
|
|
||||||
data = gcry_sexp_find_token(sig_sexp, "r", 0);
|
|
||||||
@@ -433,22 +435,12 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
|
|
||||||
}
|
|
||||||
|
|
||||||
tmp = gcry_sexp_nth_data(data, 1, &size);
|
|
||||||
- if (!tmp) {
|
|
||||||
- ret = -1;
|
|
||||||
- goto out;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- if (tmp[0] == '\0') {
|
|
||||||
- tmp++;
|
|
||||||
- size--;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- if (size != 20) {
|
|
||||||
+ if (!tmp || size < 1 || size > 20) {
|
|
||||||
ret = -1;
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
|
|
||||||
- memcpy(sig, tmp, 20);
|
|
||||||
+ memcpy(sig + (20 - size), tmp, size);
|
|
||||||
|
|
||||||
gcry_sexp_release(data);
|
|
||||||
|
|
||||||
@@ -461,22 +453,12 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
|
|
||||||
}
|
|
||||||
|
|
||||||
tmp = gcry_sexp_nth_data(data, 1, &size);
|
|
||||||
- if (!tmp) {
|
|
||||||
- ret = -1;
|
|
||||||
- goto out;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- if (tmp[0] == '\0') {
|
|
||||||
- tmp++;
|
|
||||||
- size--;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- if (size != 20) {
|
|
||||||
+ if (!tmp || size < 1 || size > 20) {
|
|
||||||
ret = -1;
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
|
|
||||||
- memcpy(sig + 20, tmp, 20);
|
|
||||||
+ memcpy(sig + 20 + (20 - size), tmp, size);
|
|
||||||
|
|
||||||
ret = 0;
|
|
||||||
out:
|
|
||||||
diff --git a/src/openssl.c b/src/openssl.c
|
|
||||||
index 250ea63..000c9ec 100644
|
|
||||||
--- a/src/openssl.c
|
|
||||||
+++ b/src/openssl.c
|
|
||||||
@@ -420,7 +420,7 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
|
|
||||||
unsigned long hash_len, unsigned char *signature)
|
|
||||||
{
|
|
||||||
DSA_SIG *sig;
|
|
||||||
- int r_len, s_len, rs_pad;
|
|
||||||
+ int r_len, s_len;
|
|
||||||
(void) hash_len;
|
|
||||||
|
|
||||||
sig = DSA_do_sign(hash, SHA_DIGEST_LENGTH, dsactx);
|
|
||||||
@@ -429,15 +429,20 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
|
|
||||||
}
|
|
||||||
|
|
||||||
r_len = BN_num_bytes(sig->r);
|
|
||||||
+ if (r_len < 1 || r_len > 20) {
|
|
||||||
+ DSA_SIG_free(sig);
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
s_len = BN_num_bytes(sig->s);
|
|
||||||
- rs_pad = (2 * SHA_DIGEST_LENGTH) - (r_len + s_len);
|
|
||||||
- if (rs_pad < 0) {
|
|
||||||
+ if (s_len < 1 || s_len > 20) {
|
|
||||||
DSA_SIG_free(sig);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
- BN_bn2bin(sig->r, signature + rs_pad);
|
|
||||||
- BN_bn2bin(sig->s, signature + rs_pad + r_len);
|
|
||||||
+ memset(signature, 0, 40);
|
|
||||||
+
|
|
||||||
+ BN_bn2bin(sig->r, signature + (20 - r_len));
|
|
||||||
+ BN_bn2bin(sig->s, signature + 20 + (20 - s_len));
|
|
||||||
|
|
||||||
DSA_SIG_free(sig);
|
|
||||||
|
|
15
libssh2.spec
15
libssh2.spec
@ -1,6 +1,6 @@
|
|||||||
Name: libssh2
|
Name: libssh2
|
||||||
Version: 1.2.2
|
Version: 1.2.4
|
||||||
Release: 5%{?dist}
|
Release: 1%{?dist}
|
||||||
Summary: A library implementing the SSH2 protocol
|
Summary: A library implementing the SSH2 protocol
|
||||||
|
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
@ -9,9 +9,6 @@ URL: http://www.libssh2.org
|
|||||||
Source0: http://libssh2.org/download/libssh2-%{version}.tar.gz
|
Source0: http://libssh2.org/download/libssh2-%{version}.tar.gz
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
|
|
||||||
# aka commit 1aba38cd7d2658146675ce1737e5090f879f306
|
|
||||||
Patch0: libssh2-1.2.2-padding.patch
|
|
||||||
|
|
||||||
BuildRequires: openssl-devel
|
BuildRequires: openssl-devel
|
||||||
BuildRequires: zlib-devel
|
BuildRequires: zlib-devel
|
||||||
|
|
||||||
@ -47,7 +44,6 @@ developing applications that use %{name}.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
%patch0 -p1
|
|
||||||
|
|
||||||
# make sure things are UTF-8...
|
# make sure things are UTF-8...
|
||||||
for i in ChangeLog NEWS ; do
|
for i in ChangeLog NEWS ; do
|
||||||
@ -69,7 +65,7 @@ find %{buildroot} -name '*.la' -exec rm -f {} +
|
|||||||
|
|
||||||
# clean things up a bit for packaging
|
# clean things up a bit for packaging
|
||||||
( cd example && make clean )
|
( cd example && make clean )
|
||||||
rm -rf example/simple/.deps
|
find example/ -type d -name .deps -exec rm -rf {} +
|
||||||
find example/ -type f '(' -name '*.am' -o -name '*.in' ')' -exec rm -v {} +
|
find example/ -type f '(' -name '*.am' -o -name '*.in' ')' -exec rm -v {} +
|
||||||
|
|
||||||
%check
|
%check
|
||||||
@ -104,6 +100,11 @@ rm -rf %{buildroot}
|
|||||||
%{_libdir}/pkgconfig/*
|
%{_libdir}/pkgconfig/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Mar 12 2010 Chris Weyl <cweyl@alumni.drew.edu> 1.2.4-1
|
||||||
|
- update to 1.2.4
|
||||||
|
- drop old patch0
|
||||||
|
- be more aggressive about keeping .deps from intruding into -docs
|
||||||
|
|
||||||
* Wed Jan 20 2010 Chris Weyl <cweyl@alumni.drew.edu> 1.2.2-5
|
* Wed Jan 20 2010 Chris Weyl <cweyl@alumni.drew.edu> 1.2.2-5
|
||||||
- pkgconfig dep should be with -devel, not -docs
|
- pkgconfig dep should be with -devel, not -docs
|
||||||
|
|
||||||
|
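Review bot: Dropping `Patch0: libssh2-1.2.2-padding.patch` and `%patch0 -p1` is only safe if the 1.2.4 tarball already carries the ssh-dss padding fix, and the spec does not record that this was checked. The changelog says only `- drop old patch0`. The deleted patch is upstream commit 1aba38cd7d2658146675ce1737e5090f879f3068, which makes `_libssh2_dsa_sha1_sign` in src/libgcrypt.c and src/openssl.c always emit r and s as two 20-byte fields; without it, a short r or s is packed incorrectly or signing fails. I would confirm both files in the 1.2.4 source contain that change and say so in the changelog, e.g. `- drop patch0 (ssh-dss signature padding fix, upstream 1aba38cd, included in 1.2.4)`. Separately, the unchanged `Source0:` line still uses plain http and no checksum or signature check is visible in this section, so the new tarball should be verified against upstream's published signature or hash before it is imported.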