rpms/libssh2/F-12 libssh2-1.2.2-padding.patch, NONE, 1.1 libssh2.spec, 1.11, 1.12
Chris Weyl
cweyl at fedoraproject.org
Tue Jan 19 06:23:43 UTC 2010
Author: cweyl
Update of /cvs/extras/rpms/libssh2/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv26186
Modified Files:
libssh2.spec
Added Files:
libssh2-1.2.2-padding.patch
Log Message:
* Mon Jan 18 2010 Chris Weyl <cweyl at alumni.drew.edu> 1.2.2-4
- enable tests; conditionalize sshd test, which fails with a funky SElinux
error when run locally
libssh2-1.2.2-padding.patch:
libgcrypt.c | 30 ++++++------------------------
openssl.c | 15 ++++++++++-----
2 files changed, 16 insertions(+), 29 deletions(-)
--- NEW FILE libssh2-1.2.2-padding.patch ---
commit 1aba38cd7d2658146675ce1737e5090f879f3068
Author: Peter Stuge <peter at stuge.se>
Date: Sun Dec 6 07:20:58 2009 +0100
Fix padding in ssh-dss signature blob encoding
DSA signatures consist of two 160-bit integers called r and s. In ssh-dss
signature blobs r and s are stored directly after each other in binary
representation, making up a 320-bit (40 byte) string. (See RFC4253 p14.)
The crypto wrappers in libssh2 would either pack r and s incorrectly, or
fail, when at least one integer was small enough to be stored in 19 bytes
or less.
The patch ensures that r and s are always stored as two 160 bit numbers.
diff --git a/src/libgcrypt.c b/src/libgcrypt.c
index ba00284..b06be42 100644
--- a/src/libgcrypt.c
+++ b/src/libgcrypt.c
@@ -424,6 +424,8 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
return -1;
}
+ memset(sig, 0, 40);
+
/* Extract R. */
data = gcry_sexp_find_token(sig_sexp, "r", 0);
@@ -433,22 +435,12 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
}
tmp = gcry_sexp_nth_data(data, 1, &size);
- if (!tmp) {
- ret = -1;
- goto out;
- }
-
- if (tmp[0] == '\0') {
- tmp++;
- size--;
- }
-
- if (size != 20) {
+ if (!tmp || size < 1 || size > 20) {
ret = -1;
goto out;
}
- memcpy(sig, tmp, 20);
+ memcpy(sig + (20 - size), tmp, size);
gcry_sexp_release(data);
@@ -461,22 +453,12 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
}
tmp = gcry_sexp_nth_data(data, 1, &size);
- if (!tmp) {
- ret = -1;
- goto out;
- }
-
- if (tmp[0] == '\0') {
- tmp++;
- size--;
- }
-
- if (size != 20) {
+ if (!tmp || size < 1 || size > 20) {
ret = -1;
goto out;
}
- memcpy(sig + 20, tmp, 20);
+ memcpy(sig + 20 + (20 - size), tmp, size);
ret = 0;
out:
diff --git a/src/openssl.c b/src/openssl.c
index 250ea63..000c9ec 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -420,7 +420,7 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
unsigned long hash_len, unsigned char *signature)
{
DSA_SIG *sig;
- int r_len, s_len, rs_pad;
+ int r_len, s_len;
(void) hash_len;
sig = DSA_do_sign(hash, SHA_DIGEST_LENGTH, dsactx);
@@ -429,15 +429,20 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
}
r_len = BN_num_bytes(sig->r);
+ if (r_len < 1 || r_len > 20) {
+ DSA_SIG_free(sig);
+ return -1;
+ }
s_len = BN_num_bytes(sig->s);
- rs_pad = (2 * SHA_DIGEST_LENGTH) - (r_len + s_len);
- if (rs_pad < 0) {
+ if (s_len < 1 || s_len > 20) {
DSA_SIG_free(sig);
return -1;
}
- BN_bn2bin(sig->r, signature + rs_pad);
- BN_bn2bin(sig->s, signature + rs_pad + r_len);
+ memset(signature, 0, 40);
+
+ BN_bn2bin(sig->r, signature + (20 - r_len));
+ BN_bn2bin(sig->s, signature + 20 + (20 - s_len));
DSA_SIG_free(sig);
Index: libssh2.spec
===================================================================
RCS file: /cvs/extras/rpms/libssh2/F-12/libssh2.spec,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -p -r1.11 -r1.12
--- libssh2.spec 15 Jan 2010 02:23:27 -0000 1.11
+++ libssh2.spec 19 Jan 2010 06:23:43 -0000 1.12
@@ -1,6 +1,6 @@
Name: libssh2
Version: 1.2.2
-Release: 2%{?dist}
+Release: 4%{?dist}
Summary: A library implementing the SSH2 protocol
Group: System Environment/Libraries
@@ -9,9 +9,15 @@ URL: http://www.libssh2.org
Source0: http://libssh2.org/download/libssh2-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+# aka commit 1aba38cd7d2658146675ce1737e5090f879f306
+Patch0: libssh2-1.2.2-padding.patch
+
BuildRequires: openssl-devel
BuildRequires: zlib-devel
+# tests
+BuildRequires: openssh-server
+
%description
libssh2 is a library implementing the SSH2 protocol as defined by
Internet Drafts: SECSH-TRANS(22), SECSH-USERAUTH(25),
@@ -41,6 +47,7 @@ developing applications that use %{name}
%prep
%setup -q
+%patch0 -p1
# make sure things are UTF-8...
for i in ChangeLog NEWS ; do
@@ -66,8 +73,9 @@ rm -rf example/simple/.deps
find example/ -type f '(' -name '*.am' -o -name '*.in' ')' -exec rm -v {} +
%check
-# tests are currently not doing so well under rpmbuild
-#(cd tests && make check)
+# sshd/loopback test fails under local build, with selinux enforcing
+%{?_without_sshd_tests:echo "Skipping sshd tests" ; echo "exit 0" > tests/ssh2.sh }
+(cd tests && make check)
%clean
rm -rf %{buildroot}
@@ -96,6 +104,13 @@ rm -rf %{buildroot}
%{_libdir}/pkgconfig/*
%changelog
+* Mon Jan 18 2010 Chris Weyl <cweyl at alumni.drew.edu> 1.2.2-4
+- enable tests; conditionalize sshd test, which fails with a funky SElinux
+ error when run locally
+
+* Mon Jan 18 2010 Chris Weyl <cweyl at alumni.drew.edu> 1.2.2-3
+- patch w/1aba38cd7d2658146675ce1737e5090f879f306; not yet in a GA release
+
* Thu Jan 14 2010 Chris Weyl <cweyl at alumni.drew.edu> 1.2.2-2
- correct bad file entry under -devel
More information about the scm-commits
mailing list