Diffstat (limited to 'monitor.c')
-rw-r--r-- | monitor.c | 15 |
1 files changed, 8 insertions, 7 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: monitor.c,v 1.184 2018/07/10 09:13:30 djm Exp $ */ | 1 | /* $OpenBSD: monitor.c,v 1.185 2018/07/11 18:53:29 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> | 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> |
@@ -68,7 +68,7 @@ | |||
68 | #include "atomicio.h" | 68 | #include "atomicio.h" |
69 | #include "xmalloc.h" | 69 | #include "xmalloc.h" |
70 | #include "ssh.h" | 70 | #include "ssh.h" |
71 | #include "key.h" | 71 | #include "sshkey.h" |
72 | #include "sshbuf.h" | 72 | #include "sshbuf.h" |
73 | #include "hostfile.h" | 73 | #include "hostfile.h" |
74 | #include "auth.h" | 74 | #include "auth.h" |
@@ -630,14 +630,15 @@ mm_answer_sign(int sock, struct sshbuf *m) | |||
630 | char *alg = NULL; | 630 | char *alg = NULL; |
631 | size_t datlen, siglen, alglen; | 631 | size_t datlen, siglen, alglen; |
632 | int r, is_proof = 0; | 632 | int r, is_proof = 0; |
633 | u_int keyid; | 633 | u_int keyid, compat; |
634 | const char proof_req[] = "hostkeys-prove-00@openssh.com"; | 634 | const char proof_req[] = "hostkeys-prove-00@openssh.com"; |
635 | 635 | ||
636 | debug3("%s", __func__); | 636 | debug3("%s", __func__); |
637 | 637 | ||
638 | if ((r = sshbuf_get_u32(m, &keyid)) != 0 || | 638 | if ((r = sshbuf_get_u32(m, &keyid)) != 0 || |
639 | (r = sshbuf_get_string(m, &p, &datlen)) != 0 || | 639 | (r = sshbuf_get_string(m, &p, &datlen)) != 0 || |
640 | (r = sshbuf_get_cstring(m, &alg, &alglen)) != 0) | 640 | (r = sshbuf_get_cstring(m, &alg, &alglen)) != 0 || |
641 | (r = sshbuf_get_u32(m, &compat)) != 0) | ||
641 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | 642 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
642 | if (keyid > INT_MAX) | 643 | if (keyid > INT_MAX) |
643 | fatal("%s: invalid key ID", __func__); | 644 | fatal("%s: invalid key ID", __func__); |
@@ -687,13 +688,13 @@ mm_answer_sign(int sock, struct sshbuf *m) | |||
687 | 688 | ||
688 | if ((key = get_hostkey_by_index(keyid)) != NULL) { | 689 | if ((key = get_hostkey_by_index(keyid)) != NULL) { |
689 | if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg, | 690 | if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg, |
690 | datafellows)) != 0) | 691 | compat)) != 0) |
691 | fatal("%s: sshkey_sign failed: %s", | 692 | fatal("%s: sshkey_sign failed: %s", |
692 | __func__, ssh_err(r)); | 693 | __func__, ssh_err(r)); |
693 | } else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL && | 694 | } else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL && |
694 | auth_sock > 0) { | 695 | auth_sock > 0) { |
695 | if ((r = ssh_agent_sign(auth_sock, key, &signature, &siglen, | 696 | if ((r = ssh_agent_sign(auth_sock, key, &signature, &siglen, |
696 | p, datlen, alg, datafellows)) != 0) { | 697 | p, datlen, alg, compat)) != 0) { |
697 | fatal("%s: ssh_agent_sign failed: %s", | 698 | fatal("%s: ssh_agent_sign failed: %s", |
698 | __func__, ssh_err(r)); | 699 | __func__, ssh_err(r)); |
699 | } | 700 | } |
@@ -1208,7 +1209,7 @@ mm_answer_keyallowed(int sock, struct sshbuf *m) | |||
1208 | 1209 | ||
1209 | if (key != NULL && authctxt->valid) { | 1210 | if (key != NULL && authctxt->valid) { |
1210 | /* These should not make it past the privsep child */ | 1211 | /* These should not make it past the privsep child */ |
1211 | if (key_type_plain(key->type) == KEY_RSA && | 1212 | if (sshkey_type_plain(key->type) == KEY_RSA && |
1212 | (datafellows & SSH_BUG_RSASIGMD5) != 0) | 1213 | (datafellows & SSH_BUG_RSASIGMD5) != 0) |
1213 | fatal("%s: passed a SSH_BUG_RSASIGMD5 key", __func__); | 1214 | fatal("%s: passed a SSH_BUG_RSASIGMD5 key", __func__); |
1214 | 1215 | ||
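Review bot: In mm_answer_sign the new `compat` value is parsed from the request buffer `m`, which is filled by the unprivileged privsep child, and is then handed unchecked to `sshkey_sign()` and `ssh_agent_sign()` in place of the monitor's own `datafellows`. Unlike `keyid`, which gets the `keyid > INT_MAX` check right after the parse, nothing constrains `compat`, so a compromised child can choose any flag bits for the signing call. If that is intended, presumably because the flags only affect signature encoding, the trust decision should be recorded next to the parse, e.g. `/* compat is supplied by the unprivileged child: treat as untrusted, never use for authorization */`. The last hunk (mm_answer_keyallowed) still tests `datafellows & SSH_BUG_RSASIGMD5`, so the monitor now takes compat flags from two sources, and it is worth confirming that the global is still populated on that path. Both functions begin and end outside the hunks shown, so any later use of `compat` or `datafellows` is not visible here.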