Commit b7172255 authored by Johannes Berg's avatar Johannes Berg

make openssl verification safe for multiple keys

it seems openssl caches some things in there and subsequent
uses of the same key struct fail or something -- since this
fixes it I'm not bothering trying to figure out what's wrong
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
parent 1ea7f657
...@@ -49,32 +49,28 @@ int crda_verify_db_signature(__u8 *db, int dblen, int siglen) ...@@ -49,32 +49,28 @@ int crda_verify_db_signature(__u8 *db, int dblen, int siglen)
unsigned int i; unsigned int i;
int ok = 0; int ok = 0;
rsa = RSA_new();
if (!rsa) {
fprintf(stderr, "Failed to create RSA key.\n");
goto out;
}
if (SHA1(db, dblen, hash) != hash) { if (SHA1(db, dblen, hash) != hash) {
fprintf(stderr, "Failed to calculate SHA1 sum.\n"); fprintf(stderr, "Failed to calculate SHA1 sum.\n");
RSA_free(rsa);
goto out; goto out;
} }
for (i = 0; (i < sizeof(keys)/sizeof(keys[0])) && (!ok); i++) { for (i = 0; (i < sizeof(keys)/sizeof(keys[0])) && (!ok); i++) {
rsa = RSA_new();
if (!rsa) {
fprintf(stderr, "Failed to create RSA key.\n");
goto out;
}
rsa->e = &keys[i].e; rsa->e = &keys[i].e;
rsa->n = &keys[i].n; rsa->n = &keys[i].n;
if (RSA_size(rsa) != siglen)
continue;
ok = RSA_verify(NID_sha1, hash, SHA_DIGEST_LENGTH, ok = RSA_verify(NID_sha1, hash, SHA_DIGEST_LENGTH,
db + dblen, siglen, rsa) == 1; db + dblen, siglen, rsa) == 1;
}
rsa->e = NULL; rsa->e = NULL;
rsa->n = NULL; rsa->n = NULL;
RSA_free(rsa); RSA_free(rsa);
}
#endif #endif
#ifdef USE_GCRYPT #ifdef USE_GCRYPT
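Review bot: The per-key `RSA_new()`/`RSA_free()` inside the loop has no comment saying why a fresh RSA object is needed for each entry of `keys[]`, and the commit message leaves the cause open. A likely explanation (to be confirmed against the OpenSSL version in use) is that the RSA object caches per-modulus state after the first public-key operation, so swapping `rsa->n` on a reused object would verify against stale state. I would add above the allocation something like `/* fresh RSA per key: OpenSSL caches per-modulus state in the RSA object, so it must not be reused after n/e are swapped */`. The rendering does not show which side the `if (RSA_size(rsa) != siglen) continue;` lines belong to; if they remain on the new side, that `continue` skips the `RSA_free(rsa)` at the bottom of the loop and leaks one object per mismatched key. The body of crda_verify_db_signature starts and ends outside the hunk.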