upstream: add sshkey_check_cert_sigtype() that checks a

cert->signature_type against a supplied whitelist; ok markus OpenBSD-Commit-ID: caadb8073292ed7a9535e5adc067d11d356d9302
author: djm@openbsd.org <djm@openbsd.org> 2018-09-12 01:32:54 +0000
committer: Damien Miller <djm@mindrot.org> 2018-09-12 16:49:21 +1000
commit: ba9e788315b1f6a350f910cb2a9e95b2ce584e89 (patch)
tree: 2bc5013faf5d1c4daf26d6db1547aa7602e59306
parent: a70fd4ad7bd9f2ed223ff635a3d41e483057f23b (diff)
2 files changed, 24 insertions, 2 deletions
diff --git a/sshkey.c b/sshkey.c
index b467571fd..50ebdc256 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.67 2018/09/12 01:31:30 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.68 2018/09/12 01:32:54 djm Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
 * Copyright (c) 2008 Alexander von Gernler.  All rights reserved.
@@ -2261,6 +2261,27 @@ get_sigtype(const u_char *sig, size_t siglen, char **sigtypep)
 }
 /*
+ *
+ * Checks whether a certificate's signature type is allowed.
+ * Returns 0 (success) if the certificate signature type appears in the
+ * "allowed" pattern-list, or the key is not a certificate to begin with.
+ * Otherwise returns a ssherr.h code.
+ */
+int
+sshkey_check_cert_sigtype(const struct sshkey *key, const char *allowed)
+{
+        if (key == NULL || allowed == NULL)
+                return SSH_ERR_INVALID_ARGUMENT;
+        if (!sshkey_type_is_cert(key->type))
+                return 0;
+        if (key->cert == NULL || key->cert->signature_type == NULL)
+                return SSH_ERR_INVALID_ARGUMENT;
+        if (match_pattern_list(key->cert->signature_type, allowed, 0) != 1)
+                return SSH_ERR_SIGN_ALG_UNSUPPORTED;
+        return 0;
+}
+/*
 * Returns the expected signature algorithm for a given public key algorithm.
 */
 const char *
diff --git a/sshkey.h b/sshkey.h
index b8f279a60..5a22a66f5 100644
--- a/sshkey.h
+++ b/sshkey.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.h,v 1.27 2018/09/12 01:31:30 djm Exp $ */
+/* $OpenBSD: sshkey.h,v 1.28 2018/09/12 01:32:54 djm Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -158,6 +158,7 @@ int	 sshkey_cert_check_authority(const struct sshkey *, int, int,
    const char *, const char **);
 size_t   sshkey_format_cert_validity(const struct sshkey_cert *,
    char *, size_t) __attribute__((__bounded__(__string__, 2, 3)));
+int      sshkey_check_cert_sigtype(const struct sshkey *, const char *);
 int      sshkey_certify(struct sshkey *, struct sshkey *, const char *);
 /* Variant allowing use of a custom signature function (e.g. for ssh-agent) */
author	djm@openbsd.org <djm@openbsd.org>	2018-09-12 01:32:54 +0000
committer	Damien Miller <djm@mindrot.org>	2018-09-12 16:49:21 +1000
commit	ba9e788315b1f6a350f910cb2a9e95b2ce584e89 (patch)
tree	2bc5013faf5d1c4daf26d6db1547aa7602e59306
parent	a70fd4ad7bd9f2ed223ff635a3d41e483057f23b (diff)

diff --git a/sshkey.c b/sshkey.c index b467571fd..50ebdc256 100644 --- a/sshkey.c +++ b/sshkey.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: sshkey.c,v 1.67 2018/09/12 01:31:30 djm Exp $ */	1	/* $OpenBSD: sshkey.c,v 1.68 2018/09/12 01:32:54 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
4	* Copyright (c) 2008 Alexander von Gernler. All rights reserved.	4	* Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@@ -2261,6 +2261,27 @@ get_sigtype(const u_char sig, size_t siglen, char *sigtypep)
2261	}	2261	}
2262		2262
2263	/*	2263	/*
		2264	*
		2265	* Checks whether a certificate's signature type is allowed.
		2266	* Returns 0 (success) if the certificate signature type appears in the
		2267	* "allowed" pattern-list, or the key is not a certificate to begin with.
		2268	* Otherwise returns a ssherr.h code.
		2269	*/
		2270	int
		2271	sshkey_check_cert_sigtype(const struct sshkey key, const char allowed)
		2272	{
		2273	if (key == NULL \|\| allowed == NULL)
		2274	return SSH_ERR_INVALID_ARGUMENT;
		2275	if (!sshkey_type_is_cert(key->type))
		2276	return 0;
		2277	if (key->cert == NULL \|\| key->cert->signature_type == NULL)
		2278	return SSH_ERR_INVALID_ARGUMENT;
		2279	if (match_pattern_list(key->cert->signature_type, allowed, 0) != 1)
		2280	return SSH_ERR_SIGN_ALG_UNSUPPORTED;
		2281	return 0;
		2282	}
		2283
		2284	/*
2264	* Returns the expected signature algorithm for a given public key algorithm.	2285	* Returns the expected signature algorithm for a given public key algorithm.
2265	*/	2286	*/
2266	const char *	2287	const char *


diff --git a/sshkey.h b/sshkey.h index b8f279a60..5a22a66f5 100644 --- a/sshkey.h +++ b/sshkey.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: sshkey.h,v 1.27 2018/09/12 01:31:30 djm Exp $ */	1	/* $OpenBSD: sshkey.h,v 1.28 2018/09/12 01:32:54 djm Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.	4	* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -158,6 +158,7 @@ int sshkey_cert_check_authority(const struct sshkey *, int, int,
158	const char , const char *);	158	const char , const char *);
159	size_t sshkey_format_cert_validity(const struct sshkey_cert *,	159	size_t sshkey_format_cert_validity(const struct sshkey_cert *,
160	char *, size_t) __attribute__((__bounded__(__string__, 2, 3)));	160	char *, size_t) __attribute__((__bounded__(__string__, 2, 3)));
		161	int sshkey_check_cert_sigtype(const struct sshkey , const char );
161		162
162	int sshkey_certify(struct sshkey , struct sshkey , const char *);	163	int sshkey_certify(struct sshkey , struct sshkey , const char *);
163	/* Variant allowing use of a custom signature function (e.g. for ssh-agent) */	164	/* Variant allowing use of a custom signature function (e.g. for ssh-agent) */