1 files changed, 21 insertions, 6 deletions
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 4169b7604..001a8fa1c 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.113 2019/06/28 13:35:04 deraadt Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.117 2019/12/15 18:57:30 djm Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -215,7 +215,8 @@ mm_choose_dh(int min, int nbits, int max)
 int
 mm_sshkey_sign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
-    const u_char *data, size_t datalen, const char *hostkey_alg, u_int compat)
+    const u_char *data, size_t datalen, const char *hostkey_alg,
+    const char *sk_provider, u_int compat)
 {
        struct kex *kex = *pmonitor->m_pkex;
        struct sshbuf *m;
@@ -223,7 +224,6 @@ mm_sshkey_sign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
        int r;
        debug3("%s entering", __func__);
        if ((m = sshbuf_new()) == NULL)
                fatal("%s: sshbuf_new failed", __func__);
        if ((r = sshbuf_put_u32(m, ndx)) != 0 ||
@@ -493,15 +493,19 @@ mm_key_allowed(enum mm_keytype type, const char *user, const char *host,
 int
 mm_sshkey_verify(const struct sshkey *key, const u_char *sig, size_t siglen,
-    const u_char *data, size_t datalen, const char *sigalg, u_int compat)
+    const u_char *data, size_t datalen, const char *sigalg, u_int compat,
+    struct sshkey_sig_details **sig_detailsp)
 {
        struct sshbuf *m;
        u_int encoded_ret = 0;
        int r;
+        u_char sig_details_present, flags;
+        u_int counter;
        debug3("%s entering", __func__);
+        if (sig_detailsp != NULL)
+                *sig_detailsp = NULL;
        if ((m = sshbuf_new()) == NULL)
                fatal("%s: sshbuf_new failed", __func__);
        if ((r = sshkey_puts(key, m)) != 0 ||
@@ -516,8 +520,19 @@ mm_sshkey_verify(const struct sshkey *key, const u_char *sig, size_t siglen,
        mm_request_receive_expect(pmonitor->m_recvfd,
            MONITOR_ANS_KEYVERIFY, m);
-        if ((r = sshbuf_get_u32(m, &encoded_ret)) != 0)
+        if ((r = sshbuf_get_u32(m, &encoded_ret)) != 0 ||
+            (r = sshbuf_get_u8(m, &sig_details_present)) != 0)
                fatal("%s: buffer error: %s", __func__, ssh_err(r));
+        if (sig_details_present && encoded_ret == 0) {
+                if ((r = sshbuf_get_u32(m, &counter)) != 0 ||
+                    (r = sshbuf_get_u8(m, &flags)) != 0)
+                        fatal("%s: buffer error: %s", __func__, ssh_err(r));
+                if (sig_detailsp != NULL) {
+                        *sig_detailsp = xcalloc(1, sizeof(**sig_detailsp));
+                        (*sig_detailsp)->sk_counter = counter;
+                        (*sig_detailsp)->sk_flags = flags;
+                }
+        }
        sshbuf_free(m);

diff --git a/monitor_wrap.c b/monitor_wrap.c index 4169b7604..001a8fa1c 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: monitor_wrap.c,v 1.113 2019/06/28 13:35:04 deraadt Exp $ */	1	/* $OpenBSD: monitor_wrap.c,v 1.117 2019/12/15 18:57:30 djm Exp $ */
2	/*	2	/*
3	* Copyright 2002 Niels Provos <provos@citi.umich.edu>	3	* Copyright 2002 Niels Provos <provos@citi.umich.edu>
4	* Copyright 2002 Markus Friedl <markus@openbsd.org>	4	* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -215,7 +215,8 @@ mm_choose_dh(int min, int nbits, int max)
215		215
216	int	216	int
217	mm_sshkey_sign(struct ssh ssh, struct sshkey key, u_char *sigp, size_t lenp,	217	mm_sshkey_sign(struct ssh ssh, struct sshkey key, u_char *sigp, size_t lenp,
218	const u_char data, size_t datalen, const char hostkey_alg, u_int compat)	218	const u_char data, size_t datalen, const char hostkey_alg,
		219	const char *sk_provider, u_int compat)
219	{	220	{
220	struct kex kex = pmonitor->m_pkex;	221	struct kex kex = pmonitor->m_pkex;
221	struct sshbuf *m;	222	struct sshbuf *m;
@@ -223,7 +224,6 @@ mm_sshkey_sign(struct ssh ssh, struct sshkey key, u_char *sigp, size_t lenp,
223	int r;	224	int r;
224		225
225	debug3("%s entering", __func__);	226	debug3("%s entering", __func__);
226
227	if ((m = sshbuf_new()) == NULL)	227	if ((m = sshbuf_new()) == NULL)
228	fatal("%s: sshbuf_new failed", __func__);	228	fatal("%s: sshbuf_new failed", __func__);
229	if ((r = sshbuf_put_u32(m, ndx)) != 0 \|\|	229	if ((r = sshbuf_put_u32(m, ndx)) != 0 \|\|
@@ -493,15 +493,19 @@ mm_key_allowed(enum mm_keytype type, const char user, const char host,
493		493
494	int	494	int
495	mm_sshkey_verify(const struct sshkey key, const u_char sig, size_t siglen,	495	mm_sshkey_verify(const struct sshkey key, const u_char sig, size_t siglen,
496	const u_char data, size_t datalen, const char sigalg, u_int compat)	496	const u_char data, size_t datalen, const char sigalg, u_int compat,
		497	struct sshkey_sig_details **sig_detailsp)
497	{	498	{
498	struct sshbuf *m;	499	struct sshbuf *m;
499	u_int encoded_ret = 0;	500	u_int encoded_ret = 0;
500	int r;	501	int r;
		502	u_char sig_details_present, flags;
		503	u_int counter;
501		504
502	debug3("%s entering", __func__);	505	debug3("%s entering", __func__);
503		506
504		507	if (sig_detailsp != NULL)
		508	*sig_detailsp = NULL;
505	if ((m = sshbuf_new()) == NULL)	509	if ((m = sshbuf_new()) == NULL)
506	fatal("%s: sshbuf_new failed", __func__);	510	fatal("%s: sshbuf_new failed", __func__);
507	if ((r = sshkey_puts(key, m)) != 0 \|\|	511	if ((r = sshkey_puts(key, m)) != 0 \|\|
@@ -516,8 +520,19 @@ mm_sshkey_verify(const struct sshkey key, const u_char sig, size_t siglen,
516	mm_request_receive_expect(pmonitor->m_recvfd,	520	mm_request_receive_expect(pmonitor->m_recvfd,
517	MONITOR_ANS_KEYVERIFY, m);	521	MONITOR_ANS_KEYVERIFY, m);
518		522
519	if ((r = sshbuf_get_u32(m, &encoded_ret)) != 0)	523	if ((r = sshbuf_get_u32(m, &encoded_ret)) != 0 \|\|
		524	(r = sshbuf_get_u8(m, &sig_details_present)) != 0)
520	fatal("%s: buffer error: %s", __func__, ssh_err(r));	525	fatal("%s: buffer error: %s", __func__, ssh_err(r));
		526	if (sig_details_present && encoded_ret == 0) {
		527	if ((r = sshbuf_get_u32(m, &counter)) != 0 \|\|
		528	(r = sshbuf_get_u8(m, &flags)) != 0)
		529	fatal("%s: buffer error: %s", __func__, ssh_err(r));
		530	if (sig_detailsp != NULL) {
		531	sig_detailsp = xcalloc(1, sizeof(*sig_detailsp));
		532	(*sig_detailsp)->sk_counter = counter;
		533	(*sig_detailsp)->sk_flags = flags;
		534	}
		535	}
521		536
522	sshbuf_free(m);	537	sshbuf_free(m);
523		538