diff options
Diffstat (limited to 'ssh-ecdsa-sk.c')
-rw-r--r-- | ssh-ecdsa-sk.c | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/ssh-ecdsa-sk.c b/ssh-ecdsa-sk.c index f33fac714..b2f31ae2d 100644 --- a/ssh-ecdsa-sk.c +++ b/ssh-ecdsa-sk.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-ecdsa-sk.c,v 1.3 2019/11/25 00:38:17 djm Exp $ */ | 1 | /* $OpenBSD: ssh-ecdsa-sk.c,v 1.4 2019/11/25 00:51:37 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2010 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2010 Damien Miller. All rights reserved. |
@@ -53,7 +53,8 @@ | |||
53 | int | 53 | int |
54 | ssh_ecdsa_sk_verify(const struct sshkey *key, | 54 | ssh_ecdsa_sk_verify(const struct sshkey *key, |
55 | const u_char *signature, size_t signaturelen, | 55 | const u_char *signature, size_t signaturelen, |
56 | const u_char *data, size_t datalen, u_int compat) | 56 | const u_char *data, size_t datalen, u_int compat, |
57 | struct sshkey_sig_details **detailsp) | ||
57 | { | 58 | { |
58 | ECDSA_SIG *sig = NULL; | 59 | ECDSA_SIG *sig = NULL; |
59 | BIGNUM *sig_r = NULL, *sig_s = NULL; | 60 | BIGNUM *sig_r = NULL, *sig_s = NULL; |
@@ -63,10 +64,13 @@ ssh_ecdsa_sk_verify(const struct sshkey *key, | |||
63 | int ret = SSH_ERR_INTERNAL_ERROR; | 64 | int ret = SSH_ERR_INTERNAL_ERROR; |
64 | struct sshbuf *b = NULL, *sigbuf = NULL, *original_signed = NULL; | 65 | struct sshbuf *b = NULL, *sigbuf = NULL, *original_signed = NULL; |
65 | char *ktype = NULL; | 66 | char *ktype = NULL; |
67 | struct sshkey_sig_details *details = NULL; | ||
66 | #ifdef DEBUG_SK | 68 | #ifdef DEBUG_SK |
67 | char *tmp = NULL; | 69 | char *tmp = NULL; |
68 | #endif | 70 | #endif |
69 | 71 | ||
72 | if (detailsp != NULL) | ||
73 | *detailsp = NULL; | ||
70 | if (key == NULL || key->ecdsa == NULL || | 74 | if (key == NULL || key->ecdsa == NULL || |
71 | sshkey_type_plain(key->type) != KEY_ECDSA_SK || | 75 | sshkey_type_plain(key->type) != KEY_ECDSA_SK || |
72 | signature == NULL || signaturelen == 0) | 76 | signature == NULL || signaturelen == 0) |
@@ -149,6 +153,12 @@ ssh_ecdsa_sk_verify(const struct sshkey *key, | |||
149 | if ((ret = ssh_digest_buffer(SSH_DIGEST_SHA256, original_signed, | 153 | if ((ret = ssh_digest_buffer(SSH_DIGEST_SHA256, original_signed, |
150 | sighash, sizeof(sighash))) != 0) | 154 | sighash, sizeof(sighash))) != 0) |
151 | goto out; | 155 | goto out; |
156 | if ((details = calloc(1, sizeof(*details))) == NULL) { | ||
157 | ret = SSH_ERR_ALLOC_FAIL; | ||
158 | goto out; | ||
159 | } | ||
160 | details->sk_counter = sig_counter; | ||
161 | details->sk_flags = sig_flags; | ||
152 | #ifdef DEBUG_SK | 162 | #ifdef DEBUG_SK |
153 | fprintf(stderr, "%s: signed buf:\n", __func__); | 163 | fprintf(stderr, "%s: signed buf:\n", __func__); |
154 | sshbuf_dump(original_signed, stderr); | 164 | sshbuf_dump(original_signed, stderr); |
@@ -168,13 +178,18 @@ ssh_ecdsa_sk_verify(const struct sshkey *key, | |||
168 | ret = SSH_ERR_LIBCRYPTO_ERROR; | 178 | ret = SSH_ERR_LIBCRYPTO_ERROR; |
169 | goto out; | 179 | goto out; |
170 | } | 180 | } |
171 | 181 | /* success */ | |
182 | if (detailsp != NULL) { | ||
183 | *detailsp = details; | ||
184 | details = NULL; | ||
185 | } | ||
172 | out: | 186 | out: |
173 | explicit_bzero(&sig_flags, sizeof(sig_flags)); | 187 | explicit_bzero(&sig_flags, sizeof(sig_flags)); |
174 | explicit_bzero(&sig_counter, sizeof(sig_counter)); | 188 | explicit_bzero(&sig_counter, sizeof(sig_counter)); |
175 | explicit_bzero(msghash, sizeof(msghash)); | 189 | explicit_bzero(msghash, sizeof(msghash)); |
176 | explicit_bzero(sighash, sizeof(msghash)); | 190 | explicit_bzero(sighash, sizeof(msghash)); |
177 | explicit_bzero(apphash, sizeof(apphash)); | 191 | explicit_bzero(apphash, sizeof(apphash)); |
192 | sshkey_sig_details_free(details); | ||
178 | sshbuf_free(original_signed); | 193 | sshbuf_free(original_signed); |
179 | sshbuf_free(sigbuf); | 194 | sshbuf_free(sigbuf); |
180 | sshbuf_free(b); | 195 | sshbuf_free(b); |