1 files changed, 18 insertions, 3 deletions
diff --git a/ssh-ecdsa-sk.c b/ssh-ecdsa-sk.c
index f33fac714..b2f31ae2d 100644
--- a/ssh-ecdsa-sk.c
+++ b/ssh-ecdsa-sk.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-ecdsa-sk.c,v 1.3 2019/11/25 00:38:17 djm Exp $ */
+/* $OpenBSD: ssh-ecdsa-sk.c,v 1.4 2019/11/25 00:51:37 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 * Copyright (c) 2010 Damien Miller.  All rights reserved.
@@ -53,7 +53,8 @@
 int
 ssh_ecdsa_sk_verify(const struct sshkey *key,
    const u_char *signature, size_t signaturelen,
-    const u_char *data, size_t datalen, u_int compat)
+    const u_char *data, size_t datalen, u_int compat,
+    struct sshkey_sig_details **detailsp)
 {
        ECDSA_SIG *sig = NULL;
        BIGNUM *sig_r = NULL, *sig_s = NULL;
@@ -63,10 +64,13 @@ ssh_ecdsa_sk_verify(const struct sshkey *key,
        int ret = SSH_ERR_INTERNAL_ERROR;
        struct sshbuf *b = NULL, *sigbuf = NULL, *original_signed = NULL;
        char *ktype = NULL;
+        struct sshkey_sig_details *details = NULL;
 #ifdef DEBUG_SK
        char *tmp = NULL;
 #endif
+        if (detailsp != NULL)
+                *detailsp = NULL;
        if (key == NULL || key->ecdsa == NULL ||
            sshkey_type_plain(key->type) != KEY_ECDSA_SK ||
            signature == NULL || signaturelen == 0)
@@ -149,6 +153,12 @@ ssh_ecdsa_sk_verify(const struct sshkey *key,
        if ((ret = ssh_digest_buffer(SSH_DIGEST_SHA256, original_signed,
            sighash, sizeof(sighash))) != 0)
                goto out;
+        if ((details = calloc(1, sizeof(*details))) == NULL) {
+                ret = SSH_ERR_ALLOC_FAIL;
+                goto out;
+        }
+        details->sk_counter = sig_counter;
+        details->sk_flags = sig_flags;
 #ifdef DEBUG_SK
        fprintf(stderr, "%s: signed buf:\n", __func__);
        sshbuf_dump(original_signed, stderr);
@@ -168,13 +178,18 @@ ssh_ecdsa_sk_verify(const struct sshkey *key,
                ret = SSH_ERR_LIBCRYPTO_ERROR;
                goto out;
        }
+        /* success */
+        if (detailsp != NULL) {
+                *detailsp = details;
+                details = NULL;
+        }
 out:
        explicit_bzero(&sig_flags, sizeof(sig_flags));
        explicit_bzero(&sig_counter, sizeof(sig_counter));
        explicit_bzero(msghash, sizeof(msghash));
        explicit_bzero(sighash, sizeof(msghash));
        explicit_bzero(apphash, sizeof(apphash));
+        sshkey_sig_details_free(details);
        sshbuf_free(original_signed);
        sshbuf_free(sigbuf);
        sshbuf_free(b);

diff --git a/ssh-ecdsa-sk.c b/ssh-ecdsa-sk.c index f33fac714..b2f31ae2d 100644 --- a/ssh-ecdsa-sk.c +++ b/ssh-ecdsa-sk.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssh-ecdsa-sk.c,v 1.3 2019/11/25 00:38:17 djm Exp $ */	1	/* $OpenBSD: ssh-ecdsa-sk.c,v 1.4 2019/11/25 00:51:37 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000 Markus Friedl. All rights reserved.
4	* Copyright (c) 2010 Damien Miller. All rights reserved.	4	* Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -53,7 +53,8 @@
53	int	53	int
54	ssh_ecdsa_sk_verify(const struct sshkey *key,	54	ssh_ecdsa_sk_verify(const struct sshkey *key,
55	const u_char *signature, size_t signaturelen,	55	const u_char *signature, size_t signaturelen,
56	const u_char *data, size_t datalen, u_int compat)	56	const u_char *data, size_t datalen, u_int compat,
		57	struct sshkey_sig_details **detailsp)
57	{	58	{
58	ECDSA_SIG *sig = NULL;	59	ECDSA_SIG *sig = NULL;
59	BIGNUM sig_r = NULL, sig_s = NULL;	60	BIGNUM sig_r = NULL, sig_s = NULL;
@@ -63,10 +64,13 @@ ssh_ecdsa_sk_verify(const struct sshkey *key,
63	int ret = SSH_ERR_INTERNAL_ERROR;	64	int ret = SSH_ERR_INTERNAL_ERROR;
64	struct sshbuf b = NULL, sigbuf = NULL, *original_signed = NULL;	65	struct sshbuf b = NULL, sigbuf = NULL, *original_signed = NULL;
65	char *ktype = NULL;	66	char *ktype = NULL;
		67	struct sshkey_sig_details *details = NULL;
66	#ifdef DEBUG_SK	68	#ifdef DEBUG_SK
67	char *tmp = NULL;	69	char *tmp = NULL;
68	#endif	70	#endif
69		71
		72	if (detailsp != NULL)
		73	*detailsp = NULL;
70	if (key == NULL \|\| key->ecdsa == NULL \|\|	74	if (key == NULL \|\| key->ecdsa == NULL \|\|
71	sshkey_type_plain(key->type) != KEY_ECDSA_SK \|\|	75	sshkey_type_plain(key->type) != KEY_ECDSA_SK \|\|
72	signature == NULL \|\| signaturelen == 0)	76	signature == NULL \|\| signaturelen == 0)
@@ -149,6 +153,12 @@ ssh_ecdsa_sk_verify(const struct sshkey *key,
149	if ((ret = ssh_digest_buffer(SSH_DIGEST_SHA256, original_signed,	153	if ((ret = ssh_digest_buffer(SSH_DIGEST_SHA256, original_signed,
150	sighash, sizeof(sighash))) != 0)	154	sighash, sizeof(sighash))) != 0)
151	goto out;	155	goto out;
		156	if ((details = calloc(1, sizeof(*details))) == NULL) {
		157	ret = SSH_ERR_ALLOC_FAIL;
		158	goto out;
		159	}
		160	details->sk_counter = sig_counter;
		161	details->sk_flags = sig_flags;
152	#ifdef DEBUG_SK	162	#ifdef DEBUG_SK
153	fprintf(stderr, "%s: signed buf:\n", __func__);	163	fprintf(stderr, "%s: signed buf:\n", __func__);
154	sshbuf_dump(original_signed, stderr);	164	sshbuf_dump(original_signed, stderr);
@@ -168,13 +178,18 @@ ssh_ecdsa_sk_verify(const struct sshkey *key,
168	ret = SSH_ERR_LIBCRYPTO_ERROR;	178	ret = SSH_ERR_LIBCRYPTO_ERROR;
169	goto out;	179	goto out;
170	}	180	}
171		181	/* success */
		182	if (detailsp != NULL) {
		183	*detailsp = details;
		184	details = NULL;
		185	}
172	out:	186	out:
173	explicit_bzero(&sig_flags, sizeof(sig_flags));	187	explicit_bzero(&sig_flags, sizeof(sig_flags));
174	explicit_bzero(&sig_counter, sizeof(sig_counter));	188	explicit_bzero(&sig_counter, sizeof(sig_counter));
175	explicit_bzero(msghash, sizeof(msghash));	189	explicit_bzero(msghash, sizeof(msghash));
176	explicit_bzero(sighash, sizeof(msghash));	190	explicit_bzero(sighash, sizeof(msghash));
177	explicit_bzero(apphash, sizeof(apphash));	191	explicit_bzero(apphash, sizeof(apphash));
		192	sshkey_sig_details_free(details);
178	sshbuf_free(original_signed);	193	sshbuf_free(original_signed);
179	sshbuf_free(sigbuf);	194	sshbuf_free(sigbuf);
180	sshbuf_free(b);	195	sshbuf_free(b);