diff options
| author | markus@openbsd.org <markus@openbsd.org> | 2018-07-11 18:53:29 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2018-07-12 13:18:25 +1000 |
| commit | 5467fbcb09528ecdcb914f4f2452216c24796790 (patch) | |
| tree | 8fcef797ece697250f4c67d57a5063d6316fd203 /monitor.c | |
| parent | 5dc4c59d5441a19c99e7945779f7ec9051126c25 (diff) | |
upstream: remove legacy key emulation layer; ok djm@
OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
Diffstat (limited to 'monitor.c')
| -rw-r--r-- | monitor.c | 15 |
1 files changed, 8 insertions, 7 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: monitor.c,v 1.184 2018/07/10 09:13:30 djm Exp $ */ | 1 | /* $OpenBSD: monitor.c,v 1.185 2018/07/11 18:53:29 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
| 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> | 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> |
| @@ -68,7 +68,7 @@ | |||
| 68 | #include "atomicio.h" | 68 | #include "atomicio.h" |
| 69 | #include "xmalloc.h" | 69 | #include "xmalloc.h" |
| 70 | #include "ssh.h" | 70 | #include "ssh.h" |
| 71 | #include "key.h" | 71 | #include "sshkey.h" |
| 72 | #include "sshbuf.h" | 72 | #include "sshbuf.h" |
| 73 | #include "hostfile.h" | 73 | #include "hostfile.h" |
| 74 | #include "auth.h" | 74 | #include "auth.h" |
| @@ -630,14 +630,15 @@ mm_answer_sign(int sock, struct sshbuf *m) | |||
| 630 | char *alg = NULL; | 630 | char *alg = NULL; |
| 631 | size_t datlen, siglen, alglen; | 631 | size_t datlen, siglen, alglen; |
| 632 | int r, is_proof = 0; | 632 | int r, is_proof = 0; |
| 633 | u_int keyid; | 633 | u_int keyid, compat; |
| 634 | const char proof_req[] = "hostkeys-prove-00@openssh.com"; | 634 | const char proof_req[] = "hostkeys-prove-00@openssh.com"; |
| 635 | 635 | ||
| 636 | debug3("%s", __func__); | 636 | debug3("%s", __func__); |
| 637 | 637 | ||
| 638 | if ((r = sshbuf_get_u32(m, &keyid)) != 0 || | 638 | if ((r = sshbuf_get_u32(m, &keyid)) != 0 || |
| 639 | (r = sshbuf_get_string(m, &p, &datlen)) != 0 || | 639 | (r = sshbuf_get_string(m, &p, &datlen)) != 0 || |
| 640 | (r = sshbuf_get_cstring(m, &alg, &alglen)) != 0) | 640 | (r = sshbuf_get_cstring(m, &alg, &alglen)) != 0 || |
| 641 | (r = sshbuf_get_u32(m, &compat)) != 0) | ||
| 641 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | 642 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| 642 | if (keyid > INT_MAX) | 643 | if (keyid > INT_MAX) |
| 643 | fatal("%s: invalid key ID", __func__); | 644 | fatal("%s: invalid key ID", __func__); |
| @@ -687,13 +688,13 @@ mm_answer_sign(int sock, struct sshbuf *m) | |||
| 687 | 688 | ||
| 688 | if ((key = get_hostkey_by_index(keyid)) != NULL) { | 689 | if ((key = get_hostkey_by_index(keyid)) != NULL) { |
| 689 | if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg, | 690 | if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg, |
| 690 | datafellows)) != 0) | 691 | compat)) != 0) |
| 691 | fatal("%s: sshkey_sign failed: %s", | 692 | fatal("%s: sshkey_sign failed: %s", |
| 692 | __func__, ssh_err(r)); | 693 | __func__, ssh_err(r)); |
| 693 | } else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL && | 694 | } else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL && |
| 694 | auth_sock > 0) { | 695 | auth_sock > 0) { |
| 695 | if ((r = ssh_agent_sign(auth_sock, key, &signature, &siglen, | 696 | if ((r = ssh_agent_sign(auth_sock, key, &signature, &siglen, |
| 696 | p, datlen, alg, datafellows)) != 0) { | 697 | p, datlen, alg, compat)) != 0) { |
| 697 | fatal("%s: ssh_agent_sign failed: %s", | 698 | fatal("%s: ssh_agent_sign failed: %s", |
| 698 | __func__, ssh_err(r)); | 699 | __func__, ssh_err(r)); |
| 699 | } | 700 | } |
| @@ -1208,7 +1209,7 @@ mm_answer_keyallowed(int sock, struct sshbuf *m) | |||
| 1208 | 1209 | ||
| 1209 | if (key != NULL && authctxt->valid) { | 1210 | if (key != NULL && authctxt->valid) { |
| 1210 | /* These should not make it past the privsep child */ | 1211 | /* These should not make it past the privsep child */ |
| 1211 | if (key_type_plain(key->type) == KEY_RSA && | 1212 | if (sshkey_type_plain(key->type) == KEY_RSA && |
| 1212 | (datafellows & SSH_BUG_RSASIGMD5) != 0) | 1213 | (datafellows & SSH_BUG_RSASIGMD5) != 0) |
| 1213 | fatal("%s: passed a SSH_BUG_RSASIGMD5 key", __func__); | 1214 | fatal("%s: passed a SSH_BUG_RSASIGMD5 key", __func__); |
| 1214 | 1215 | ||