diff options
Diffstat (limited to 'sshsig.c')
| -rw-r--r-- | sshsig.c | 22 |
1 files changed, 14 insertions, 8 deletions
| @@ -286,7 +286,7 @@ sshsig_peek_hashalg(struct sshbuf *signature, char **hashalgp) | |||
| 286 | static int | 286 | static int |
| 287 | sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg, | 287 | sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg, |
| 288 | const struct sshbuf *h_message, const char *expect_namespace, | 288 | const struct sshbuf *h_message, const char *expect_namespace, |
| 289 | struct sshkey **sign_keyp) | 289 | struct sshkey **sign_keyp, struct sshkey_sig_details **sig_details) |
| 290 | { | 290 | { |
| 291 | int r = SSH_ERR_INTERNAL_ERROR; | 291 | int r = SSH_ERR_INTERNAL_ERROR; |
| 292 | struct sshbuf *buf = NULL, *toverify = NULL; | 292 | struct sshbuf *buf = NULL, *toverify = NULL; |
| @@ -296,6 +296,8 @@ sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg, | |||
| 296 | size_t siglen; | 296 | size_t siglen; |
| 297 | 297 | ||
| 298 | debug("%s: verify message length %zu", __func__, sshbuf_len(h_message)); | 298 | debug("%s: verify message length %zu", __func__, sshbuf_len(h_message)); |
| 299 | if (sig_details != NULL) | ||
| 300 | *sig_details = NULL; | ||
| 299 | if (sign_keyp != NULL) | 301 | if (sign_keyp != NULL) |
| 300 | *sign_keyp = NULL; | 302 | *sign_keyp = NULL; |
| 301 | 303 | ||
| @@ -361,7 +363,7 @@ sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg, | |||
| 361 | } | 363 | } |
| 362 | } | 364 | } |
| 363 | if ((r = sshkey_verify(key, sig, siglen, sshbuf_ptr(toverify), | 365 | if ((r = sshkey_verify(key, sig, siglen, sshbuf_ptr(toverify), |
| 364 | sshbuf_len(toverify), NULL, 0)) != 0) { | 366 | sshbuf_len(toverify), NULL, 0, sig_details)) != 0) { |
| 365 | error("Signature verification failed: %s", ssh_err(r)); | 367 | error("Signature verification failed: %s", ssh_err(r)); |
| 366 | goto done; | 368 | goto done; |
| 367 | } | 369 | } |
| @@ -453,15 +455,17 @@ sshsig_signb(struct sshkey *key, const char *hashalg, const char *sk_provider, | |||
| 453 | 455 | ||
| 454 | int | 456 | int |
| 455 | sshsig_verifyb(struct sshbuf *signature, const struct sshbuf *message, | 457 | sshsig_verifyb(struct sshbuf *signature, const struct sshbuf *message, |
| 456 | const char *expect_namespace, struct sshkey **sign_keyp) | 458 | const char *expect_namespace, struct sshkey **sign_keyp, |
| 459 | struct sshkey_sig_details **sig_details) | ||
| 457 | { | 460 | { |
| 458 | struct sshbuf *b = NULL; | 461 | struct sshbuf *b = NULL; |
| 459 | int r = SSH_ERR_INTERNAL_ERROR; | 462 | int r = SSH_ERR_INTERNAL_ERROR; |
| 460 | char *hashalg = NULL; | 463 | char *hashalg = NULL; |
| 461 | 464 | ||
| 465 | if (sig_details != NULL) | ||
| 466 | *sig_details = NULL; | ||
| 462 | if (sign_keyp != NULL) | 467 | if (sign_keyp != NULL) |
| 463 | *sign_keyp = NULL; | 468 | *sign_keyp = NULL; |
| 464 | |||
| 465 | if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0) | 469 | if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0) |
| 466 | return r; | 470 | return r; |
| 467 | debug("%s: signature made with hash \"%s\"", __func__, hashalg); | 471 | debug("%s: signature made with hash \"%s\"", __func__, hashalg); |
| @@ -470,7 +474,7 @@ sshsig_verifyb(struct sshbuf *signature, const struct sshbuf *message, | |||
| 470 | goto out; | 474 | goto out; |
| 471 | } | 475 | } |
| 472 | if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace, | 476 | if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace, |
| 473 | sign_keyp)) != 0) | 477 | sign_keyp, sig_details)) != 0) |
| 474 | goto out; | 478 | goto out; |
| 475 | /* success */ | 479 | /* success */ |
| 476 | r = 0; | 480 | r = 0; |
| @@ -579,15 +583,17 @@ sshsig_sign_fd(struct sshkey *key, const char *hashalg, const char *sk_provider, | |||
| 579 | 583 | ||
| 580 | int | 584 | int |
| 581 | sshsig_verify_fd(struct sshbuf *signature, int fd, | 585 | sshsig_verify_fd(struct sshbuf *signature, int fd, |
| 582 | const char *expect_namespace, struct sshkey **sign_keyp) | 586 | const char *expect_namespace, struct sshkey **sign_keyp, |
| 587 | struct sshkey_sig_details **sig_details) | ||
| 583 | { | 588 | { |
| 584 | struct sshbuf *b = NULL; | 589 | struct sshbuf *b = NULL; |
| 585 | int r = SSH_ERR_INTERNAL_ERROR; | 590 | int r = SSH_ERR_INTERNAL_ERROR; |
| 586 | char *hashalg = NULL; | 591 | char *hashalg = NULL; |
| 587 | 592 | ||
| 593 | if (sig_details != NULL) | ||
| 594 | *sig_details = NULL; | ||
| 588 | if (sign_keyp != NULL) | 595 | if (sign_keyp != NULL) |
| 589 | *sign_keyp = NULL; | 596 | *sign_keyp = NULL; |
| 590 | |||
| 591 | if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0) | 597 | if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0) |
| 592 | return r; | 598 | return r; |
| 593 | debug("%s: signature made with hash \"%s\"", __func__, hashalg); | 599 | debug("%s: signature made with hash \"%s\"", __func__, hashalg); |
| @@ -596,7 +602,7 @@ sshsig_verify_fd(struct sshbuf *signature, int fd, | |||
| 596 | goto out; | 602 | goto out; |
| 597 | } | 603 | } |
| 598 | if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace, | 604 | if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace, |
| 599 | sign_keyp)) != 0) | 605 | sign_keyp, sig_details)) != 0) |
| 600 | goto out; | 606 | goto out; |
| 601 | /* success */ | 607 | /* success */ |
| 602 | r = 0; | 608 | r = 0; |