summaryrefslogtreecommitdiff
path: root/ssh-keygen.c
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2019-11-25 00:51:37 +0000
committerDamien Miller <djm@mindrot.org>2019-11-25 12:23:33 +1100
commitb7e74ea072919b31391bc0f5ff653f80b9f5e84f (patch)
treeadb2a736c1b9f6346d342600877818631f9dbb3d /ssh-keygen.c
parentd2b0f88178ec9e3f11b606bf1004ac2fe541a2c3 (diff)
upstream: Add new structure for signature options
This is populated during signature verification with additional fields that are present in and covered by the signature. At the moment, it is only used to record security key-specific options, especially the flags field. with and ok markus@ OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49
Diffstat (limited to 'ssh-keygen.c')
-rw-r--r--ssh-keygen.c13
1 files changed, 10 insertions, 3 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c
index e869989d7..08dd7cb8a 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keygen.c,v 1.369 2019/11/18 23:16:49 naddy Exp $ */ 1/* $OpenBSD: ssh-keygen.c,v 1.370 2019/11/25 00:51:37 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -584,7 +584,7 @@ do_convert_private_ssh2(struct sshbuf *b)
584 if (sshkey_sign(key, &sig, &slen, data, sizeof(data), 584 if (sshkey_sign(key, &sig, &slen, data, sizeof(data),
585 NULL, NULL, 0) != 0 || 585 NULL, NULL, 0) != 0 ||
586 sshkey_verify(key, sig, slen, data, sizeof(data), 586 sshkey_verify(key, sig, slen, data, sizeof(data),
587 NULL, 0) != 0) { 587 NULL, 0, NULL) != 0) {
588 sshkey_free(key); 588 sshkey_free(key);
589 free(sig); 589 free(sig);
590 return NULL; 590 return NULL;
@@ -2657,7 +2657,9 @@ verify(const char *signature, const char *sig_namespace, const char *principal,
2657 struct sshbuf *sigbuf = NULL, *abuf = NULL; 2657 struct sshbuf *sigbuf = NULL, *abuf = NULL;
2658 struct sshkey *sign_key = NULL; 2658 struct sshkey *sign_key = NULL;
2659 char *fp = NULL; 2659 char *fp = NULL;
2660 struct sshkey_sig_details *sig_details = NULL;
2660 2661
2662 memset(&sig_details, 0, sizeof(sig_details));
2661 if ((abuf = sshbuf_new()) == NULL) 2663 if ((abuf = sshbuf_new()) == NULL)
2662 fatal("%s: sshbuf_new() failed", __func__); 2664 fatal("%s: sshbuf_new() failed", __func__);
2663 2665
@@ -2675,13 +2677,17 @@ verify(const char *signature, const char *sig_namespace, const char *principal,
2675 return r; 2677 return r;
2676 } 2678 }
2677 if ((r = sshsig_verify_fd(sigbuf, STDIN_FILENO, sig_namespace, 2679 if ((r = sshsig_verify_fd(sigbuf, STDIN_FILENO, sig_namespace,
2678 &sign_key)) != 0) 2680 &sign_key, &sig_details)) != 0)
2679 goto done; /* sshsig_verify() prints error */ 2681 goto done; /* sshsig_verify() prints error */
2680 2682
2681 if ((fp = sshkey_fingerprint(sign_key, fingerprint_hash, 2683 if ((fp = sshkey_fingerprint(sign_key, fingerprint_hash,
2682 SSH_FP_DEFAULT)) == NULL) 2684 SSH_FP_DEFAULT)) == NULL)
2683 fatal("%s: sshkey_fingerprint failed", __func__); 2685 fatal("%s: sshkey_fingerprint failed", __func__);
2684 debug("Valid (unverified) signature from key %s", fp); 2686 debug("Valid (unverified) signature from key %s", fp);
2687 if (sig_details != NULL) {
2688 debug2("%s: signature details: counter = %u, flags = 0x%02x",
2689 __func__, sig_details->sk_counter, sig_details->sk_flags);
2690 }
2685 free(fp); 2691 free(fp);
2686 fp = NULL; 2692 fp = NULL;
2687 2693
@@ -2726,6 +2732,7 @@ done:
2726 sshbuf_free(sigbuf); 2732 sshbuf_free(sigbuf);
2727 sshbuf_free(abuf); 2733 sshbuf_free(abuf);
2728 sshkey_free(sign_key); 2734 sshkey_free(sign_key);
2735 sshkey_sig_details_free(sig_details);
2729 free(fp); 2736 free(fp);
2730 return ret; 2737 return ret;
2731} 2738}
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-10 18:00:47 +0000