diff options
| author | markus@openbsd.org <markus@openbsd.org> | 2015-12-04 16:41:28 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2015-12-07 12:38:58 +1100 |
| commit | 76c9fbbe35aabc1db977fb78e827644345e9442e (patch) | |
| tree | e7c85e7e1471f1bd00b3a50a58e315c055f40b86 /monitor.c | |
| parent | 6064a8b8295cb5a17b5ebcfade53053377714f40 (diff) | |
upstream commit
implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures
(user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and
draft-ssh-ext-info-04.txt; with & ok djm@
Upstream-ID: cf82ce532b2733e5c4b34bb7b7c94835632db309
Diffstat (limited to 'monitor.c')
| -rw-r--r-- | monitor.c | 12 |
1 files changed, 7 insertions, 5 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: monitor.c,v 1.154 2015/10/20 23:24:25 mmcc Exp $ */ | 1 | /* $OpenBSD: monitor.c,v 1.155 2015/12/04 16:41:28 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
| 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> | 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> |
| @@ -688,14 +688,16 @@ mm_answer_sign(int sock, Buffer *m) | |||
| 688 | struct sshbuf *sigbuf; | 688 | struct sshbuf *sigbuf; |
| 689 | u_char *p; | 689 | u_char *p; |
| 690 | u_char *signature; | 690 | u_char *signature; |
| 691 | size_t datlen, siglen; | 691 | char *alg; |
| 692 | size_t datlen, siglen, alglen; | ||
| 692 | int r, keyid, is_proof = 0; | 693 | int r, keyid, is_proof = 0; |
| 693 | const char proof_req[] = "hostkeys-prove-00@openssh.com"; | 694 | const char proof_req[] = "hostkeys-prove-00@openssh.com"; |
| 694 | 695 | ||
| 695 | debug3("%s", __func__); | 696 | debug3("%s", __func__); |
| 696 | 697 | ||
| 697 | if ((r = sshbuf_get_u32(m, &keyid)) != 0 || | 698 | if ((r = sshbuf_get_u32(m, &keyid)) != 0 || |
| 698 | (r = sshbuf_get_string(m, &p, &datlen)) != 0) | 699 | (r = sshbuf_get_string(m, &p, &datlen)) != 0 || |
| 700 | (r = sshbuf_get_cstring(m, &alg, &alglen)) != 0) | ||
| 699 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | 701 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| 700 | 702 | ||
| 701 | /* | 703 | /* |
| @@ -742,14 +744,14 @@ mm_answer_sign(int sock, Buffer *m) | |||
| 742 | } | 744 | } |
| 743 | 745 | ||
| 744 | if ((key = get_hostkey_by_index(keyid)) != NULL) { | 746 | if ((key = get_hostkey_by_index(keyid)) != NULL) { |
| 745 | if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, | 747 | if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg, |
| 746 | datafellows)) != 0) | 748 | datafellows)) != 0) |
| 747 | fatal("%s: sshkey_sign failed: %s", | 749 | fatal("%s: sshkey_sign failed: %s", |
| 748 | __func__, ssh_err(r)); | 750 | __func__, ssh_err(r)); |
| 749 | } else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL && | 751 | } else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL && |
| 750 | auth_sock > 0) { | 752 | auth_sock > 0) { |
| 751 | if ((r = ssh_agent_sign(auth_sock, key, &signature, &siglen, | 753 | if ((r = ssh_agent_sign(auth_sock, key, &signature, &siglen, |
| 752 | p, datlen, datafellows)) != 0) { | 754 | p, datlen, alg, datafellows)) != 0) { |
| 753 | fatal("%s: ssh_agent_sign failed: %s", | 755 | fatal("%s: ssh_agent_sign failed: %s", |
| 754 | __func__, ssh_err(r)); | 756 | __func__, ssh_err(r)); |
| 755 | } | 757 | } |