Diffstat (limited to 'sshkey.c')
-rw-r--r-- | sshkey.c | 23 |
1 files changed, 22 insertions, 1 deletions
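--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.67 2018/09/12 01:31:30 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.68 2018/09/12 01:32:54 djm Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
 * Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@@ -2261,6 +2261,27 @@ get_sigtype(const u_char *sig, size_t siglen, char **sigtypep)
 }
 
 /*
+*
+* Checks whether a certificate's signature type is allowed.
+* Returns 0 (success) if the certificate signature type appears in the
+* "allowed" pattern-list, or the key is not a certificate to begin with.
+* Otherwise returns a ssherr.h code.
+*/
+int
+sshkey_check_cert_sigtype(const struct sshkey *key, const char *allowed)
+{
+if (key == NULL || allowed == NULL)
+return SSH_ERR_INVALID_ARGUMENT;
+if (!sshkey_type_is_cert(key->type))
+return 0;
+if (key->cert == NULL || key->cert->signature_type == NULL)
+return SSH_ERR_INVALID_ARGUMENT;
+if (match_pattern_list(key->cert->signature_type, allowed, 0) != 1)
+return SSH_ERR_SIGN_ALG_UNSUPPORTED;
+return 0;
+}
+
+/*
 * Returns the expected signature algorithm for a given public key algorithm.
 */
 const char *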
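Review bot: The `!= 1` test on `match_pattern_list()` in `sshkey_check_cert_sigtype` is load-bearing and deserves a comment: that helper returns -1 when the string matches a negated pattern as well as 0 for no match, so a later simplification to `== 0` would let a certificate signed with an explicitly excluded algorithm pass. I would add `/* 1 = allowed; 0 (no match) and -1 (negated match) are both rejected */` above that line. The header comment could also say that the match is case-sensitive (the third argument is 0) and that the 0 returned for non-certificate keys means "not applicable", not "algorithm allowed"; the empty ` *` line it opens with can go. Whether every path that builds `key->cert` fills in `signature_type` is not visible in this hunk; if one does not, those certificates are rejected here with SSH_ERR_INVALID_ARGUMENT, which fails closed but reads like a caller error.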