diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2017-12-18 02:25:15 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2017-12-19 15:21:37 +1100 |
| commit | 04c7e28f83062dc42f2380d1bb3a6bf0190852c0 (patch) | |
| tree | bc2c59d39a33aba84e0576039474668ada2546d2 /ssh-rsa.c | |
| parent | 931c78dfd7fe30669681a59e536bbe66535f3ee9 (diff) | |
upstream commit
pass negotiated signing algorithm though to
sshkey_verify() and check that the negotiated algorithm matches the type in
the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@
OpenBSD-Commit-ID: 735fb15bf4adc060d3bee9d047a4bcaaa81b1af9
Diffstat (limited to 'ssh-rsa.c')
| -rw-r--r-- | ssh-rsa.c | 19 |
1 files changed, 13 insertions, 6 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-rsa.c,v 1.62 2017/07/01 13:50:45 djm Exp $ */ | 1 | /* $OpenBSD: ssh-rsa.c,v 1.63 2017/12/18 02:25:15 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org> | 3 | * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org> |
| 4 | * | 4 | * |
| @@ -198,9 +198,10 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, | |||
| 198 | 198 | ||
| 199 | int | 199 | int |
| 200 | ssh_rsa_verify(const struct sshkey *key, | 200 | ssh_rsa_verify(const struct sshkey *key, |
| 201 | const u_char *sig, size_t siglen, const u_char *data, size_t datalen) | 201 | const u_char *sig, size_t siglen, const u_char *data, size_t datalen, |
| 202 | const char *alg) | ||
| 202 | { | 203 | { |
| 203 | char *ktype = NULL; | 204 | char *sigtype = NULL; |
| 204 | int hash_alg, ret = SSH_ERR_INTERNAL_ERROR; | 205 | int hash_alg, ret = SSH_ERR_INTERNAL_ERROR; |
| 205 | size_t len, diff, modlen, dlen; | 206 | size_t len, diff, modlen, dlen; |
| 206 | struct sshbuf *b = NULL; | 207 | struct sshbuf *b = NULL; |
| @@ -215,11 +216,17 @@ ssh_rsa_verify(const struct sshkey *key, | |||
| 215 | 216 | ||
| 216 | if ((b = sshbuf_from(sig, siglen)) == NULL) | 217 | if ((b = sshbuf_from(sig, siglen)) == NULL) |
| 217 | return SSH_ERR_ALLOC_FAIL; | 218 | return SSH_ERR_ALLOC_FAIL; |
| 218 | if (sshbuf_get_cstring(b, &ktype, NULL) != 0) { | 219 | if (sshbuf_get_cstring(b, &sigtype, NULL) != 0) { |
| 219 | ret = SSH_ERR_INVALID_FORMAT; | 220 | ret = SSH_ERR_INVALID_FORMAT; |
| 220 | goto out; | 221 | goto out; |
| 221 | } | 222 | } |
| 222 | if ((hash_alg = rsa_hash_alg_from_ident(ktype)) == -1) { | 223 | /* XXX djm: need cert types that reliably yield SHA-2 signatures */ |
| 224 | if (alg != NULL && strcmp(alg, sigtype) != 0 && | ||
| 225 | strcmp(alg, "ssh-rsa-cert-v01@openssh.com") != 0) { | ||
| 226 | ret = SSH_ERR_SIGNATURE_INVALID; | ||
| 227 | goto out; | ||
| 228 | } | ||
| 229 | if ((hash_alg = rsa_hash_alg_from_ident(sigtype)) == -1) { | ||
| 223 | ret = SSH_ERR_KEY_TYPE_MISMATCH; | 230 | ret = SSH_ERR_KEY_TYPE_MISMATCH; |
| 224 | goto out; | 231 | goto out; |
| 225 | } | 232 | } |
| @@ -263,7 +270,7 @@ ssh_rsa_verify(const struct sshkey *key, | |||
| 263 | explicit_bzero(sigblob, len); | 270 | explicit_bzero(sigblob, len); |
| 264 | free(sigblob); | 271 | free(sigblob); |
| 265 | } | 272 | } |
| 266 | free(ktype); | 273 | free(sigtype); |
| 267 | sshbuf_free(b); | 274 | sshbuf_free(b); |
| 268 | explicit_bzero(digest, sizeof(digest)); | 275 | explicit_bzero(digest, sizeof(digest)); |
| 269 | return ret; | 276 | return ret; |