Diffstat (limited to 'ssh-keygen.c')
-rw-r--r--ssh-keygen.c13
1 files changed, 10 insertions, 3 deletions
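--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.369 2019/11/18 23:16:49 naddy Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.370 2019/11/25 00:51:37 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -584,7 +584,7 @@ do_convert_private_ssh2(struct sshbuf *b)
  if (sshkey_sign(key, &sig, &slen, data, sizeof(data),
  NULL, NULL, 0) != 0 ||
  sshkey_verify(key, sig, slen, data, sizeof(data),
- NULL, 0) != 0) {
+ NULL, 0, NULL) != 0) {
  sshkey_free(key);
  free(sig);
  return NULL;
@@ -2657,7 +2657,9 @@ verify(const char *signature, const char *sig_namespace, const char *principal,
  struct sshbuf *sigbuf = NULL, *abuf = NULL;
  struct sshkey *sign_key = NULL;
  char *fp = NULL;
+ struct sshkey_sig_details *sig_details = NULL;
 
+ memset(&sig_details, 0, sizeof(sig_details));
  if ((abuf = sshbuf_new()) == NULL)
  fatal("%s: sshbuf_new() failed", __func__);
 
@@ -2675,13 +2677,17 @@ verify(const char *signature, const char *sig_namespace, const char *principal,
  return r;
  }
  if ((r = sshsig_verify_fd(sigbuf, STDIN_FILENO, sig_namespace,
- &sign_key)) != 0)
+ &sign_key, &sig_details)) != 0)
  goto done; /* sshsig_verify() prints error */
 
  if ((fp = sshkey_fingerprint(sign_key, fingerprint_hash,
  SSH_FP_DEFAULT)) == NULL)
  fatal("%s: sshkey_fingerprint failed", __func__);
  debug("Valid (unverified) signature from key %s", fp);
+ if (sig_details != NULL) {
+ debug2("%s: signature details: counter = %u, flags = 0x%02x",
+ __func__, sig_details->sk_counter, sig_details->sk_flags);
+ }
  free(fp);
  fp = NULL;
 
@@ -2726,6 +2732,7 @@ done:
  sshbuf_free(sigbuf);
  sshbuf_free(abuf);
  sshkey_free(sign_key);
+ sshkey_sig_details_free(sig_details);
  free(fp);
  return ret;
 }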
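Review bot: In verify(), the added `memset(&sig_details, 0, sizeof(sig_details));` clears the pointer variable itself (pointer-sized), not a `struct sshkey_sig_details`, and the declaration above already initialises it with `= NULL`; the call is redundant and looks like a leftover from a stack-allocated struct, so I would delete it. Leaving it in invites a later "correction" to `memset(sig_details, ...)`, which would write through a NULL pointer. The new `sshkey_sig_details_free(sig_details);` at `done:` runs with a NULL pointer on the early `goto done` path, so it presumably has to be NULL-safe like the neighbouring frees; its definition is not part of this diff. The counter and flags are only logged at debug2 in the lines shown, so if `sk_flags` is meant to gate acceptance of a security-key signature, a short comment such as `/* XXX sk_flags not yet checked against policy */` would make that explicit. verify() starts and ends outside these hunks.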