diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2017-12-18 02:25:15 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2017-12-19 15:21:37 +1100 |
| commit | 04c7e28f83062dc42f2380d1bb3a6bf0190852c0 (patch) | |
| tree | bc2c59d39a33aba84e0576039474668ada2546d2 /monitor.c | |
| parent | 931c78dfd7fe30669681a59e536bbe66535f3ee9 (diff) | |
upstream commit
pass negotiated signing algorithm though to
sshkey_verify() and check that the negotiated algorithm matches the type in
the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@
OpenBSD-Commit-ID: 735fb15bf4adc060d3bee9d047a4bcaaa81b1af9
Diffstat (limited to 'monitor.c')
| -rw-r--r-- | monitor.c | 8 |
1 files changed, 5 insertions, 3 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: monitor.c,v 1.175 2017/10/05 15:52:03 djm Exp $ */ | 1 | /* $OpenBSD: monitor.c,v 1.176 2017/12/18 02:25:15 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
| 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> | 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> |
| @@ -1339,12 +1339,14 @@ mm_answer_keyverify(int sock, struct sshbuf *m) | |||
| 1339 | { | 1339 | { |
| 1340 | struct sshkey *key; | 1340 | struct sshkey *key; |
| 1341 | u_char *signature, *data, *blob; | 1341 | u_char *signature, *data, *blob; |
| 1342 | char *sigalg; | ||
| 1342 | size_t signaturelen, datalen, bloblen; | 1343 | size_t signaturelen, datalen, bloblen; |
| 1343 | int r, ret, valid_data = 0, encoded_ret; | 1344 | int r, ret, valid_data = 0, encoded_ret; |
| 1344 | 1345 | ||
| 1345 | if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 || | 1346 | if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 || |
| 1346 | (r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 || | 1347 | (r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 || |
| 1347 | (r = sshbuf_get_string(m, &data, &datalen)) != 0) | 1348 | (r = sshbuf_get_string(m, &data, &datalen)) != 0 || |
| 1349 | (r = sshbuf_get_cstring(m, &sigalg, NULL)) != 0) | ||
| 1348 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | 1350 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| 1349 | 1351 | ||
| 1350 | if (hostbased_cuser == NULL || hostbased_chost == NULL || | 1352 | if (hostbased_cuser == NULL || hostbased_chost == NULL || |
| @@ -1373,7 +1375,7 @@ mm_answer_keyverify(int sock, struct sshbuf *m) | |||
| 1373 | fatal("%s: bad signature data blob", __func__); | 1375 | fatal("%s: bad signature data blob", __func__); |
| 1374 | 1376 | ||
| 1375 | ret = sshkey_verify(key, signature, signaturelen, data, datalen, | 1377 | ret = sshkey_verify(key, signature, signaturelen, data, datalen, |
| 1376 | active_state->compat); | 1378 | sigalg, active_state->compat); |
| 1377 | debug3("%s: %s %p signature %s", __func__, auth_method, key, | 1379 | debug3("%s: %s %p signature %s", __func__, auth_method, key, |
| 1378 | (ret == 0) ? "verified" : "unverified"); | 1380 | (ret == 0) ? "verified" : "unverified"); |
| 1379 | auth2_record_key(authctxt, ret == 0, key); | 1381 | auth2_record_key(authctxt, ret == 0, key); |