|
Lines 1735-1745
sshkey_from_private(const struct sshkey *k, struct sshkey **pkp)
Link Here
|
| 1735 |
} |
1735 |
} |
| 1736 |
|
1736 |
|
| 1737 |
static int |
1737 |
static int |
|
|
1738 |
sshkey_ktype_from_blob(struct sshbuf *b, char **ktypep) |
| 1739 |
{ |
| 1740 |
int ret = SSH_ERR_INTERNAL_ERROR; |
| 1741 |
struct sshbuf *copy; |
| 1742 |
char *ktype = NULL; |
| 1743 |
|
| 1744 |
if (ktypep != NULL) |
| 1745 |
*ktypep = NULL; |
| 1746 |
if ((copy = sshbuf_fromb(b)) == NULL) { |
| 1747 |
ret = SSH_ERR_ALLOC_FAIL; |
| 1748 |
goto out; |
| 1749 |
} |
| 1750 |
if (sshbuf_get_cstring(b, &ktype, NULL) != 0) { |
| 1751 |
ret = SSH_ERR_INVALID_FORMAT; |
| 1752 |
goto out; |
| 1753 |
} |
| 1754 |
if (ktypep != NULL) { |
| 1755 |
*ktypep = ktype; |
| 1756 |
ktype = NULL; |
| 1757 |
} |
| 1758 |
/* Success */ |
| 1759 |
ret = 0; |
| 1760 |
out: |
| 1761 |
sshbuf_free(copy); |
| 1762 |
free(ktype); |
| 1763 |
return ret; |
| 1764 |
} |
| 1765 |
|
| 1766 |
static int |
| 1738 |
cert_parse(struct sshbuf *b, struct sshkey *key, struct sshbuf *certbuf) |
1767 |
cert_parse(struct sshbuf *b, struct sshkey *key, struct sshbuf *certbuf) |
| 1739 |
{ |
1768 |
{ |
| 1740 |
struct sshbuf *principals = NULL, *crit = NULL; |
1769 |
struct sshbuf *principals = NULL, *crit = NULL; |
| 1741 |
struct sshbuf *exts = NULL, *ca = NULL; |
1770 |
struct sshbuf *exts = NULL, *ca = NULL; |
| 1742 |
u_char *sig = NULL; |
1771 |
u_char *sig = NULL; |
|
|
1772 |
char *alg = NULL; |
| 1743 |
size_t signed_len = 0, slen = 0, kidlen = 0; |
1773 |
size_t signed_len = 0, slen = 0, kidlen = 0; |
| 1744 |
int ret = SSH_ERR_INTERNAL_ERROR; |
1774 |
int ret = SSH_ERR_INTERNAL_ERROR; |
| 1745 |
|
1775 |
|
|
Lines 1842-1849
cert_parse(struct sshbuf *b, struct sshkey *key, struct sshbuf *certbuf)
Link Here
|
| 1842 |
ret = SSH_ERR_KEY_CERT_INVALID_SIGN_KEY; |
1872 |
ret = SSH_ERR_KEY_CERT_INVALID_SIGN_KEY; |
| 1843 |
goto out; |
1873 |
goto out; |
| 1844 |
} |
1874 |
} |
|
|
1875 |
if (!sshkey_ktype_from_blob(ca, &alg)) { |
| 1876 |
ret = SSH_ERR_KEY_CERT_INVALID_SIGN_KEY; |
| 1877 |
goto out; |
| 1878 |
} |
| 1845 |
if ((ret = sshkey_verify(key->cert->signature_key, sig, slen, |
1879 |
if ((ret = sshkey_verify(key->cert->signature_key, sig, slen, |
| 1846 |
sshbuf_ptr(key->cert->certblob), signed_len, 0)) != 0) |
1880 |
sshbuf_ptr(key->cert->certblob), signed_len, alg, 0)) != 0) |
| 1847 |
goto out; |
1881 |
goto out; |
| 1848 |
|
1882 |
|
| 1849 |
/* Success */ |
1883 |
/* Success */ |
|
Lines 1854-1859
cert_parse(struct sshbuf *b, struct sshkey *key, struct sshbuf *certbuf)
Link Here
|
| 1854 |
sshbuf_free(exts); |
1888 |
sshbuf_free(exts); |
| 1855 |
sshbuf_free(principals); |
1889 |
sshbuf_free(principals); |
| 1856 |
free(sig); |
1890 |
free(sig); |
|
|
1891 |
free(alg); |
| 1857 |
return ret; |
1892 |
return ret; |
| 1858 |
} |
1893 |
} |
| 1859 |
|
1894 |
|
|
Lines 2174-2180
sshkey_sign(const struct sshkey *key,
Link Here
|
| 2174 |
int |
2209 |
int |
| 2175 |
sshkey_verify(const struct sshkey *key, |
2210 |
sshkey_verify(const struct sshkey *key, |
| 2176 |
const u_char *sig, size_t siglen, |
2211 |
const u_char *sig, size_t siglen, |
| 2177 |
const u_char *data, size_t dlen, u_int compat) |
2212 |
const u_char *data, size_t dlen, const char *alg, u_int compat) |
| 2178 |
{ |
2213 |
{ |
| 2179 |
if (siglen == 0 || dlen > SSH_KEY_MAX_SIGN_DATA_SIZE) |
2214 |
if (siglen == 0 || dlen > SSH_KEY_MAX_SIGN_DATA_SIZE) |
| 2180 |
return SSH_ERR_INVALID_ARGUMENT; |
2215 |
return SSH_ERR_INVALID_ARGUMENT; |
|
Lines 2190-2196
sshkey_verify(const struct sshkey *key,
Link Here
|
| 2190 |
# endif /* OPENSSL_HAS_ECC */ |
2225 |
# endif /* OPENSSL_HAS_ECC */ |
| 2191 |
case KEY_RSA_CERT: |
2226 |
case KEY_RSA_CERT: |
| 2192 |
case KEY_RSA: |
2227 |
case KEY_RSA: |
| 2193 |
return ssh_rsa_verify(key, sig, siglen, data, dlen); |
2228 |
return ssh_rsa_verify(key, sig, siglen, data, dlen, alg); |
| 2194 |
#endif /* WITH_OPENSSL */ |
2229 |
#endif /* WITH_OPENSSL */ |
| 2195 |
case KEY_ED25519: |
2230 |
case KEY_ED25519: |
| 2196 |
case KEY_ED25519_CERT: |
2231 |
case KEY_ED25519_CERT: |