diff options
author | djm@openbsd.org <djm@openbsd.org> | 2019-11-25 00:51:37 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-11-25 12:23:33 +1100 |
commit | b7e74ea072919b31391bc0f5ff653f80b9f5e84f (patch) | |
tree | adb2a736c1b9f6346d342600877818631f9dbb3d /sshkey.c | |
parent | d2b0f88178ec9e3f11b606bf1004ac2fe541a2c3 (diff) |
upstream: Add new structure for signature options
This is populated during signature verification with additional fields
that are present in and covered by the signature. At the moment, it is
only used to record security key-specific options, especially the flags
field.
with and ok markus@
OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49
Diffstat (limited to 'sshkey.c')
-rw-r--r-- | sshkey.c | 19 |
1 files changed, 14 insertions, 5 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshkey.c,v 1.95 2019/11/18 06:58:00 djm Exp $ */ | 1 | /* $OpenBSD: sshkey.c,v 1.96 2019/11/25 00:51:37 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2008 Alexander von Gernler. All rights reserved. | 4 | * Copyright (c) 2008 Alexander von Gernler. All rights reserved. |
@@ -2301,7 +2301,7 @@ cert_parse(struct sshbuf *b, struct sshkey *key, struct sshbuf *certbuf) | |||
2301 | goto out; | 2301 | goto out; |
2302 | } | 2302 | } |
2303 | if ((ret = sshkey_verify(key->cert->signature_key, sig, slen, | 2303 | if ((ret = sshkey_verify(key->cert->signature_key, sig, slen, |
2304 | sshbuf_ptr(key->cert->certblob), signed_len, NULL, 0)) != 0) | 2304 | sshbuf_ptr(key->cert->certblob), signed_len, NULL, 0, NULL)) != 0) |
2305 | goto out; | 2305 | goto out; |
2306 | if ((ret = sshkey_get_sigtype(sig, slen, | 2306 | if ((ret = sshkey_get_sigtype(sig, slen, |
2307 | &key->cert->signature_type)) != 0) | 2307 | &key->cert->signature_type)) != 0) |
@@ -2796,8 +2796,11 @@ sshkey_sign(struct sshkey *key, | |||
2796 | int | 2796 | int |
2797 | sshkey_verify(const struct sshkey *key, | 2797 | sshkey_verify(const struct sshkey *key, |
2798 | const u_char *sig, size_t siglen, | 2798 | const u_char *sig, size_t siglen, |
2799 | const u_char *data, size_t dlen, const char *alg, u_int compat) | 2799 | const u_char *data, size_t dlen, const char *alg, u_int compat, |
2800 | struct sshkey_sig_details **detailsp) | ||
2800 | { | 2801 | { |
2802 | if (detailsp != NULL) | ||
2803 | *detailsp = NULL; | ||
2801 | if (siglen == 0 || dlen > SSH_KEY_MAX_SIGN_DATA_SIZE) | 2804 | if (siglen == 0 || dlen > SSH_KEY_MAX_SIGN_DATA_SIZE) |
2802 | return SSH_ERR_INVALID_ARGUMENT; | 2805 | return SSH_ERR_INVALID_ARGUMENT; |
2803 | switch (key->type) { | 2806 | switch (key->type) { |
@@ -2813,7 +2816,7 @@ sshkey_verify(const struct sshkey *key, | |||
2813 | case KEY_ECDSA_SK_CERT: | 2816 | case KEY_ECDSA_SK_CERT: |
2814 | case KEY_ECDSA_SK: | 2817 | case KEY_ECDSA_SK: |
2815 | return ssh_ecdsa_sk_verify(key, sig, siglen, data, dlen, | 2818 | return ssh_ecdsa_sk_verify(key, sig, siglen, data, dlen, |
2816 | compat); | 2819 | compat, detailsp); |
2817 | # endif /* ENABLE_SK */ | 2820 | # endif /* ENABLE_SK */ |
2818 | # endif /* OPENSSL_HAS_ECC */ | 2821 | # endif /* OPENSSL_HAS_ECC */ |
2819 | case KEY_RSA_CERT: | 2822 | case KEY_RSA_CERT: |
@@ -2826,7 +2829,7 @@ sshkey_verify(const struct sshkey *key, | |||
2826 | case KEY_ED25519_SK: | 2829 | case KEY_ED25519_SK: |
2827 | case KEY_ED25519_SK_CERT: | 2830 | case KEY_ED25519_SK_CERT: |
2828 | return ssh_ed25519_sk_verify(key, sig, siglen, data, dlen, | 2831 | return ssh_ed25519_sk_verify(key, sig, siglen, data, dlen, |
2829 | compat); | 2832 | compat, detailsp); |
2830 | #ifdef WITH_XMSS | 2833 | #ifdef WITH_XMSS |
2831 | case KEY_XMSS: | 2834 | case KEY_XMSS: |
2832 | case KEY_XMSS_CERT: | 2835 | case KEY_XMSS_CERT: |
@@ -4661,6 +4664,12 @@ sshkey_parse_private_fileblob(struct sshbuf *buffer, const char *passphrase, | |||
4661 | passphrase, keyp, commentp); | 4664 | passphrase, keyp, commentp); |
4662 | } | 4665 | } |
4663 | 4666 | ||
4667 | void | ||
4668 | sshkey_sig_details_free(struct sshkey_sig_details *details) | ||
4669 | { | ||
4670 | freezero(details, sizeof(*details)); | ||
4671 | } | ||
4672 | |||
4664 | #ifdef WITH_XMSS | 4673 | #ifdef WITH_XMSS |
4665 | /* | 4674 | /* |
4666 | * serialize the key with the current state and forward the state | 4675 | * serialize the key with the current state and forward the state |