

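--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -95,7 +95,7 @@ userauth_pubkey(struct ssh *ssh)
 	char *pkalg = NULL, *userstyle = NULL, *key_s = NULL, *ca_s = NULL;
 	u_char *pkblob = NULL, *sig = NULL, have_sig;
 	size_t blen, slen;
-	int r, pktype;
+	int v, r, pktype;
 	int req_presence = 0, req_verify = 0, authenticated = 0;
 	struct sshauthopt *authopts = NULL;
 	struct sshkey_sig_details *sig_details = NULL;
@@ -202,13 +202,23 @@ userauth_pubkey(struct ssh *ssh)
 #endif
 		/* test for correct signature */
 		authenticated = 0;
+		v = 0;
 		if (PRIVSEP(user_key_allowed(ssh, pw, key, 1, &authopts)) &&
-		    PRIVSEP(sshkey_verify(key, sig, slen,
+		    (v = PRIVSEP(sshkey_verify(key, sig, slen,
 		    sshbuf_ptr(b), sshbuf_len(b),
 		    (ssh->compat & SSH_BUG_SIGTYPE) == 0 ? pkalg : NULL,
-		    ssh->compat, &sig_details)) == 0) {
+		    ssh->compat, &sig_details))) == 0) {
 			authenticated = 1;
 		}
+		if (v < 0) {
+			struct sshbuf *badkey = sshbuf_new();
+			debug_fr(v, "sshkey_verify failed");
+			sshkey_format_text(key, badkey);
+			sshbuf_put_u8(badkey, 0);
+			debug_f("failed key: %s", (const char *)sshbuf_ptr(badkey));
+			debug_f("failed alg: %s", ((ssh->compat & SSH_BUG_SIGTYPE) == 0 && pkalg != NULL) ? pkalg : "[DEFAULT]");
+			debug_f("failed sig: %s", tohex(sig, slen));
+		}
 		if (authenticated == 1 && sig_details != NULL) {
 			auth2_record_info(authctxt, "signature count = %u",
 			    sig_details->sk_counter);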
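Review bot: The new `if (v < 0)` block leaks on every failed verification: `badkey` from `sshbuf_new()` is never passed to `sshbuf_free()`, and the string returned by `tohex(sig, slen)` is never freed (it appears to be heap-allocated). `sshbuf_new()` can also return NULL, and the return values of `sshkey_format_text()` and `sshbuf_put_u8()` are ignored, so `sshbuf_ptr(badkey)` may reach `%s` as NULL or without a terminator. The key, algorithm and signature all come from the not-yet-authenticated peer, so this path runs before authentication and each failure hex-dumps the full peer-sized `sig` into the debug log; a cap on the logged length would bound that. The fence below checks the results and releases both allocations; userauth_pubkey's body starts and ends outside the hunk.

```c
		if (v < 0) {
			struct sshbuf *badkey = sshbuf_new();
			char *sighex = tohex(sig, slen);

			debug_fr(v, "sshkey_verify failed");
			/* only print the key text if it was built and terminated */
			if (badkey != NULL &&
			    sshkey_format_text(key, badkey) == 0 &&
			    sshbuf_put_u8(badkey, 0) == 0)
				debug_f("failed key: %s",
				    (const char *)sshbuf_ptr(badkey));
			/* … unchanged: "failed alg" debug line … */
			debug_f("failed sig: %s", sighex);
			free(sighex);
			sshbuf_free(badkey);
		}
```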
