Diffstat (limited to 'monitor.c')
-rw-r--r--monitor.c42
1 files changed, 24 insertions, 18 deletions
diff --git a/monitor.c b/monitor.c
index 5a28d1b34..6858478ca 100644
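--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.137 2015/01/13 07:39:19 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.138 2015/01/14 20:05:27 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -101,6 +101,7 @@
 #include "roaming.h"
 #include "authfd.h"
 #include "match.h"
+#include "ssherr.h"
 
 #ifdef GSSAPI
 static Gssctxt *gsscontext = NULL;
@@ -685,28 +686,28 @@ mm_answer_moduli(int sock, Buffer *m)
 }
 #endif
 
-extern AuthenticationConnection *auth_conn;
-
 int
 mm_answer_sign(int sock, Buffer *m)
 {
- Key *key;
+ extern int auth_sock; /* XXX move to state struct? */
+ struct sshkey *key;
  u_char *p;
  u_char *signature;
- u_int siglen, datlen;
- int keyid;
+ size_t datlen, siglen;
+ int r, keyid;
 
  debug3("%s", __func__);
 
- keyid = buffer_get_int(m);
- p = buffer_get_string(m, &datlen);
+ if ((r = sshbuf_get_u32(m, &keyid)) != 0 ||
+ (r = sshbuf_get_string(m, &p, &datlen)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
 
  /*
  * Supported KEX types use SHA1 (20 bytes), SHA256 (32 bytes),
  * SHA384 (48 bytes) and SHA512 (64 bytes).
  */
  if (datlen != 20 && datlen != 32 && datlen != 48 && datlen != 64)
- fatal("%s: data length incorrect: %u", __func__, datlen);
+ fatal("%s: data length incorrect: %zu", __func__, datlen);
 
  /* save session id, it will be passed on the first call */
  if (session_id2_len == 0) {
@@ -716,20 +717,25 @@ mm_answer_sign(int sock, Buffer *m)
  }
 
  if ((key = get_hostkey_by_index(keyid)) != NULL) {
- if (key_sign(key, &signature, &siglen, p, datlen) < 0)
- fatal("%s: key_sign failed", __func__);
+ if ((r = sshkey_sign(key, &signature, &siglen, p, datlen,
+ datafellows)) != 0)
+ fatal("%s: sshkey_sign failed: %s",
+ __func__, ssh_err(r));
  } else if ((key = get_hostkey_public_by_index(keyid)) != NULL &&
- auth_conn != NULL) {
- if (ssh_agent_sign(auth_conn, key, &signature, &siglen, p,
- datlen) < 0)
- fatal("%s: ssh_agent_sign failed", __func__);
+ auth_sock > 0) {
+ if ((r = ssh_agent_sign(auth_sock, key, &signature, &siglen,
+ p, datlen, datafellows)) != 0) {
+ fatal("%s: ssh_agent_sign failed: %s",
+ __func__, ssh_err(r));
+ }
  } else
  fatal("%s: no hostkey from index %d", __func__, keyid);
 
- debug3("%s: signature %p(%u)", __func__, signature, siglen);
+ debug3("%s: signature %p(%zu)", __func__, signature, siglen);
 
- buffer_clear(m);
- buffer_put_string(m, signature, siglen);
+ sshbuf_reset(m);
+ if ((r = sshbuf_put_string(m, signature, siglen)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
 
  free(p);
  free(signature);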
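Review bot: In mm_answer_sign, `sshbuf_get_u32(m, &keyid)` writes an unsigned 32-bit wire value through a pointer to `int keyid`, so the pointer type does not match the getter's `u_int32_t *` parameter, and any index above INT_MAX arriving in the monitor request is seen as a negative number. Whether `get_hostkey_by_index()` and `get_hostkey_public_by_index()` reject negative indexes is not visible in these hunks, so the monitor should not rely on it: read into `u_int32_t id;` and add `if (id > INT_MAX) fatal("%s: invalid key index %u", __func__, id);` before `keyid = (int)id;`. Separately, `auth_sock > 0` treats descriptor 0 as "no agent"; if the unset value is -1, `auth_sock >= 0` states the intent more precisely. The end of the function lies outside the last hunk.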