1 files changed, 23 insertions, 18 deletions
diff --git a/monitor.c b/monitor.c
index cd4089398..2dee9721d 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.168 2017/05/30 08:52:19 markus Exp $ */
+/* $OpenBSD: monitor.c,v 1.169 2017/05/30 14:10:53 markus Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1330,25 +1330,25 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,
 }
 int
-mm_answer_keyverify(int sock, Buffer *m)
+mm_answer_keyverify(int sock, struct sshbuf *m)
 {
        struct sshkey *key;
        u_char *signature, *data, *blob;
-        u_int signaturelen, datalen, bloblen;
+        size_t signaturelen, datalen, bloblen;
-        int verified = 0;
+        int r, ret, valid_data = 0, encoded_ret;
-        int valid_data = 0;
-        blob = buffer_get_string(m, &bloblen);
+        if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||
-        signature = buffer_get_string(m, &signaturelen);
+            (r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 ||
-        data = buffer_get_string(m, &datalen);
+            (r = sshbuf_get_string(m, &data, &datalen)) != 0)
+                fatal("%s: buffer error: %s", __func__, ssh_err(r));
        if (hostbased_cuser == NULL || hostbased_chost == NULL ||
          !monitor_allowed_key(blob, bloblen))
                fatal("%s: bad key, not previously allowed", __func__);
-        key = key_from_blob(blob, bloblen);
+        /* XXX use sshkey_froms here; need to change key_blob, etc. */
-        if (key == NULL)
+        if ((r = sshkey_from_blob(blob, bloblen, &key)) != 0)
-                fatal("%s: bad public key blob", __func__);
+                fatal("%s: bad public key blob: %s", __func__, ssh_err(r));
        switch (key_blobtype) {
        case MM_USERKEY:
@@ -1365,15 +1365,16 @@ mm_answer_keyverify(int sock, Buffer *m)
        if (!valid_data)
                fatal("%s: bad signature data blob", __func__);
-        verified = key_verify(key, signature, signaturelen, data, datalen);
+        ret = sshkey_verify(key, signature, signaturelen, data, datalen,
+            active_state->compat);
        debug3("%s: key %p signature %s",
-            __func__, key, (verified == 1) ? "verified" : "unverified");
+            __func__, key, (ret == 0) ? "verified" : "unverified");
        /* If auth was successful then record key to ensure it isn't reused */
-        if (verified == 1 && key_blobtype == MM_USERKEY)
+        if (ret == 0 && key_blobtype == MM_USERKEY)
                auth2_record_userkey(authctxt, key);
        else
-                key_free(key);
+                sshkey_free(key);
        free(blob);
        free(signature);
@@ -1383,11 +1384,15 @@ mm_answer_keyverify(int sock, Buffer *m)
        monitor_reset_key_state();
-        buffer_clear(m);
+        sshbuf_reset(m);
-        buffer_put_int(m, verified);
+        /* encode ret != 0 as positive integer, since we're sending u32 */
+        encoded_ret = (ret != 0);
+        if ((r = sshbuf_put_u32(m, encoded_ret)) != 0)
+                fatal("%s: buffer error: %s", __func__, ssh_err(r));
        mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m);
-        return (verified == 1);
+        return ret == 0;
 }
 static void

diff --git a/monitor.c b/monitor.c index cd4089398..2dee9721d 100644 --- a/monitor.c +++ b/monitor.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: monitor.c,v 1.168 2017/05/30 08:52:19 markus Exp $ */	1	/* $OpenBSD: monitor.c,v 1.169 2017/05/30 14:10:53 markus Exp $ */
2	/*	2	/*
3	* Copyright 2002 Niels Provos <provos@citi.umich.edu>	3	* Copyright 2002 Niels Provos <provos@citi.umich.edu>
4	* Copyright 2002 Markus Friedl <markus@openbsd.org>	4	* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1330,25 +1330,25 @@ monitor_valid_hostbasedblob(u_char data, u_int datalen, char cuser,
1330	}	1330	}
1331		1331
1332	int	1332	int
1333	mm_answer_keyverify(int sock, Buffer *m)	1333	mm_answer_keyverify(int sock, struct sshbuf *m)
1334	{	1334	{
1335	struct sshkey *key;	1335	struct sshkey *key;
1336	u_char signature, data, *blob;	1336	u_char signature, data, *blob;
1337	u_int signaturelen, datalen, bloblen;	1337	size_t signaturelen, datalen, bloblen;
1338	int verified = 0;	1338	int r, ret, valid_data = 0, encoded_ret;
1339	int valid_data = 0;
1340		1339
1341	blob = buffer_get_string(m, &bloblen);	1340	if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 \|\|
1342	signature = buffer_get_string(m, &signaturelen);	1341	(r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 \|\|
1343	data = buffer_get_string(m, &datalen);	1342	(r = sshbuf_get_string(m, &data, &datalen)) != 0)
		1343	fatal("%s: buffer error: %s", __func__, ssh_err(r));
1344		1344
1345	if (hostbased_cuser == NULL \|\| hostbased_chost == NULL \|\|	1345	if (hostbased_cuser == NULL \|\| hostbased_chost == NULL \|\|
1346	!monitor_allowed_key(blob, bloblen))	1346	!monitor_allowed_key(blob, bloblen))
1347	fatal("%s: bad key, not previously allowed", __func__);	1347	fatal("%s: bad key, not previously allowed", __func__);
1348		1348
1349	key = key_from_blob(blob, bloblen);	1349	/* XXX use sshkey_froms here; need to change key_blob, etc. */
1350	if (key == NULL)	1350	if ((r = sshkey_from_blob(blob, bloblen, &key)) != 0)
1351	fatal("%s: bad public key blob", __func__);	1351	fatal("%s: bad public key blob: %s", __func__, ssh_err(r));
1352		1352
1353	switch (key_blobtype) {	1353	switch (key_blobtype) {
1354	case MM_USERKEY:	1354	case MM_USERKEY:
@@ -1365,15 +1365,16 @@ mm_answer_keyverify(int sock, Buffer *m)
1365	if (!valid_data)	1365	if (!valid_data)
1366	fatal("%s: bad signature data blob", __func__);	1366	fatal("%s: bad signature data blob", __func__);
1367		1367
1368	verified = key_verify(key, signature, signaturelen, data, datalen);	1368	ret = sshkey_verify(key, signature, signaturelen, data, datalen,
		1369	active_state->compat);
1369	debug3("%s: key %p signature %s",	1370	debug3("%s: key %p signature %s",
1370	__func__, key, (verified == 1) ? "verified" : "unverified");	1371	__func__, key, (ret == 0) ? "verified" : "unverified");
1371		1372
1372	/* If auth was successful then record key to ensure it isn't reused */	1373	/* If auth was successful then record key to ensure it isn't reused */
1373	if (verified == 1 && key_blobtype == MM_USERKEY)	1374	if (ret == 0 && key_blobtype == MM_USERKEY)
1374	auth2_record_userkey(authctxt, key);	1375	auth2_record_userkey(authctxt, key);
1375	else	1376	else
1376	key_free(key);	1377	sshkey_free(key);
1377		1378
1378	free(blob);	1379	free(blob);
1379	free(signature);	1380	free(signature);
@@ -1383,11 +1384,15 @@ mm_answer_keyverify(int sock, Buffer *m)
1383		1384
1384	monitor_reset_key_state();	1385	monitor_reset_key_state();
1385		1386
1386	buffer_clear(m);	1387	sshbuf_reset(m);
1387	buffer_put_int(m, verified);	1388
		1389	/* encode ret != 0 as positive integer, since we're sending u32 */
		1390	encoded_ret = (ret != 0);
		1391	if ((r = sshbuf_put_u32(m, encoded_ret)) != 0)
		1392	fatal("%s: buffer error: %s", __func__, ssh_err(r));
1388	mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m);	1393	mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m);
1389		1394
1390	return (verified == 1);	1395	return ret == 0;
1391	}	1396	}
1392		1397
1393	static void	1398	static void