Diffstat (limited to 'sshkey.c')
-rw-r--r-- | sshkey.c | 19 |
1 files changed, 14 insertions, 5 deletions
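--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.95 2019/11/18 06:58:00 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.96 2019/11/25 00:51:37 djm Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
 * Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@@ -2301,7 +2301,7 @@ cert_parse(struct sshbuf *b, struct sshkey *key, struct sshbuf *certbuf)
 goto out;
 }
 if ((ret = sshkey_verify(key->cert->signature_key, sig, slen,
-sshbuf_ptr(key->cert->certblob), signed_len, NULL, 0)) != 0)
+sshbuf_ptr(key->cert->certblob), signed_len, NULL, 0, NULL)) != 0)
 goto out;
 if ((ret = sshkey_get_sigtype(sig, slen,
 &key->cert->signature_type)) != 0)
@@ -2796,8 +2796,11 @@ sshkey_sign(struct sshkey *key,
 int
 sshkey_verify(const struct sshkey *key,
 const u_char *sig, size_t siglen,
-const u_char *data, size_t dlen, const char *alg, u_int compat)
+const u_char *data, size_t dlen, const char *alg, u_int compat,
+struct sshkey_sig_details **detailsp)
 {
+if (detailsp != NULL)
+*detailsp = NULL;
 if (siglen == 0 || dlen > SSH_KEY_MAX_SIGN_DATA_SIZE)
 return SSH_ERR_INVALID_ARGUMENT;
 switch (key->type) {
@@ -2813,7 +2816,7 @@ sshkey_verify(const struct sshkey *key,
 case KEY_ECDSA_SK_CERT:
 case KEY_ECDSA_SK:
 return ssh_ecdsa_sk_verify(key, sig, siglen, data, dlen,
-compat);
+compat, detailsp);
 # endif /* ENABLE_SK */
 # endif /* OPENSSL_HAS_ECC */
 case KEY_RSA_CERT:
@@ -2826,7 +2829,7 @@ sshkey_verify(const struct sshkey *key,
 case KEY_ED25519_SK:
 case KEY_ED25519_SK_CERT:
 return ssh_ed25519_sk_verify(key, sig, siglen, data, dlen,
-compat);
+compat, detailsp);
 #ifdef WITH_XMSS
 case KEY_XMSS:
 case KEY_XMSS_CERT:
@@ -4661,6 +4664,12 @@ sshkey_parse_private_fileblob(struct sshbuf *buffer, const char *passphrase,
 passphrase, keyp, commentp);
 }
 
+void
+sshkey_sig_details_free(struct sshkey_sig_details *details)
+{
+freezero(details, sizeof(*details));
+}
+
 #ifdef WITH_XMSS
 /*
 * serialize the key with the current state and forward the state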
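Review bot: The new `detailsp` out-parameter of `sshkey_verify()` has no documented contract. In the hunks shown, only the `ssh_ecdsa_sk_verify()` and `ssh_ed25519_sk_verify()` calls receive it, so for the other key types the `*detailsp = NULL` set on entry appears to be what a caller gets back even when verification succeeds. A caller that bases a policy decision on the details must therefore treat NULL as "no details available", never as a pass, and must not dereference it unchecked. I would add a header comment above the function, for example `/* *detailsp is reset to NULL on entry and is only filled in by the SK verifiers; a non-NULL result is released with sshkey_sig_details_free(). */`, after confirming the ownership rule against the SK verifiers, which are not shown here. The `cert_parse()` call passes NULL for the new argument, and the rest of the `switch` lies outside the hunks, so a short comment in `cert_parse()` saying that discarding CA signature details is intentional would also help.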