Attachment #3090 for bug #2799




	size_t blen = 0, len = 0;
	u_int flags = 0;
	int r = SSH_ERR_INTERNAL_ERROR;
	char *sigtype = NULL;

	*sigp = NULL;
	*lenp = 0;

	if ((r = sshbuf_get_string(msg, sigp, &len)) != 0)
		goto out;
	*lenp = len;

	/*
	 * Some agents will return ssh-rsa signatures when asked to
	 * make a rsa-sha2-* signature. Check what they actually gave
	 * back.
	 */
	if (alg != NULL) {
		if ((r = sshkey_sigtype(*sigp, *lenp, &sigtype)) != 0)
			goto out;
		if (strcmp(sigtype, alg) != 0) {
			error("agent returned incorrect signature type %s "
			    "(expected %s)", sigtype, alg);
			freezero(*sigp, *lenp);
			*sigp = NULL;
			*lenp = 0;
			r = SSH_ERR_AGENT_FAILURE;
			goto out;
		}
	}

	r = 0;
 out:
	free(sigtype);
	freezero(blob, blen);
		free(blob);
	}
	sshbuf_free(msg);
	return r;
}




	return r;
}

int
sshkey_sigtype(const u_char *sig, size_t siglen, char **sigtypep)
{
	int r;
	struct sshbuf *b = NULL;
	char *sigtype = NULL;

	if (sigtypep != NULL)
		*sigtypep = NULL;
	if ((b = sshbuf_from(sig, siglen)) == NULL)
		return SSH_ERR_ALLOC_FAIL;
	if ((r = sshbuf_get_cstring(b, &sigtype, NULL)) != 0)
		goto out;
	/* success */
	if (sigtypep != NULL) {
		*sigtypep = sigtype;
		sigtype = NULL;
	}
	r = 0;
 out:
	free(sigtype);
	sshbuf_free(b);
	return r;
}

int
sshkey_sign(const struct sshkey *key,
    u_char **sigp, size_t *lenp,

Lines 168-173 int sshkey_puts(const struct sshkey , struct sshbuf ); Link Here

(-)a/sshkey.h (+1 lines)
168	int sshkey_plain_to_blob(const struct sshkey , u_char , size_t );	168	int sshkey_plain_to_blob(const struct sshkey , u_char , size_t );
169	int sshkey_putb_plain(const struct sshkey , struct sshbuf );	169	int sshkey_putb_plain(const struct sshkey , struct sshbuf );
170		170
		171	int sshkey_sigtype(const u_char , size_t, char *);
171	int sshkey_sign(const struct sshkey , u_char , size_t ,	172	int sshkey_sign(const struct sshkey , u_char , size_t ,
172	const u_char , size_t, const char , u_int);	173	const u_char , size_t, const char , u_int);
173	int sshkey_verify(const struct sshkey , const u_char , size_t,	174	int sshkey_verify(const struct sshkey , const u_char , size_t,

Return to bug 2799

Lines 345-350 ssh_agent_sign(int sock, const struct sshkey *key, Link Here

(-)a/authfd.c (-4 / +23 lines)
345	size_t blen = 0, len = 0;	345	size_t blen = 0, len = 0;
346	u_int flags = 0;	346	u_int flags = 0;
347	int r = SSH_ERR_INTERNAL_ERROR;	347	int r = SSH_ERR_INTERNAL_ERROR;
		348	char *sigtype = NULL;
348		349
349	*sigp = NULL;	350	*sigp = NULL;
350	*lenp = 0;	351	*lenp = 0;
Lines 377-388 ssh_agent_sign(int sock, const struct sshkey *key, Link Here
377	if ((r = sshbuf_get_string(msg, sigp, &len)) != 0)	378	if ((r = sshbuf_get_string(msg, sigp, &len)) != 0)
378	goto out;	379	goto out;
379	*lenp = len;	380	*lenp = len;
		381
		382	/*
		383	* Some agents will return ssh-rsa signatures when asked to
		384	* make a rsa-sha2-* signature. Check what they actually gave
		385	* back.
		386	*/
		387	if (alg != NULL) {
		388	if ((r = sshkey_sigtype(sigp, lenp, &sigtype)) != 0)
		389	goto out;
		390	if (strcmp(sigtype, alg) != 0) {
		391	error("agent returned incorrect signature type %s "
		392	"(expected %s)", sigtype, alg);
		393	freezero(sigp, lenp);
		394	*sigp = NULL;
		395	*lenp = 0;
		396	r = SSH_ERR_AGENT_FAILURE;
		397	goto out;
		398	}
		399	}
		400
380	r = 0;	401	r = 0;
381	out:	402	out:
382	if (blob != NULL) {	403	free(sigtype);
383	explicit_bzero(blob, blen);	404	freezero(blob, blen);
384	free(blob);
385	}
386	sshbuf_free(msg);	405	sshbuf_free(msg);
387	return r;	406	return r;
388	}	407	}

Lines 2011-2016 sshkey_froms(struct sshbuf buf, struct sshkey *keyp) Link Here

(-)a/sshkey.c (+25 lines)
2011	return r;	2011	return r;
2012	}	2012	}
2013		2013
		2014	int
		2015	sshkey_sigtype(const u_char sig, size_t siglen, char *sigtypep)
		2016	{
		2017	int r;
		2018	struct sshbuf *b = NULL;
		2019	char *sigtype = NULL;
		2020
		2021	if (sigtypep != NULL)
		2022	*sigtypep = NULL;
		2023	if ((b = sshbuf_from(sig, siglen)) == NULL)
		2024	return SSH_ERR_ALLOC_FAIL;
		2025	if ((r = sshbuf_get_cstring(b, &sigtype, NULL)) != 0)
		2026	goto out;
		2027	/* success */
		2028	if (sigtypep != NULL) {
		2029	*sigtypep = sigtype;
		2030	sigtype = NULL;
		2031	}
		2032	r = 0;
		2033	out:
		2034	free(sigtype);
		2035	sshbuf_free(b);
		2036	return r;
		2037	}
		2038
2014	int	2039	int
2015	sshkey_sign(const struct sshkey *key,	2040	sshkey_sign(const struct sshkey *key,
2016	u_char *sigp, size_t lenp,	2041	u_char *sigp, size_t lenp,