version 1.308, 2017/12/18 02:25:15 |
version 1.309, 2017/12/18 23:16:23 |
|
|
struct hostkeys_update_ctx *ctx = (struct hostkeys_update_ctx *)_ctx; |
struct hostkeys_update_ctx *ctx = (struct hostkeys_update_ctx *)_ctx; |
size_t i, ndone; |
size_t i, ndone; |
struct sshbuf *signdata; |
struct sshbuf *signdata; |
int r; |
int r, kexsigtype, use_kexsigtype; |
const u_char *sig; |
const u_char *sig; |
size_t siglen; |
size_t siglen; |
|
|
|
|
hostkeys_update_ctx_free(ctx); |
hostkeys_update_ctx_free(ctx); |
return; |
return; |
} |
} |
|
kexsigtype = sshkey_type_plain( |
|
sshkey_type_from_name(ssh->kex->hostkey_alg)); |
|
|
if ((signdata = sshbuf_new()) == NULL) |
if ((signdata = sshbuf_new()) == NULL) |
fatal("%s: sshbuf_new failed", __func__); |
fatal("%s: sshbuf_new failed", __func__); |
/* Don't want to accidentally accept an unbound signature */ |
/* Don't want to accidentally accept an unbound signature */ |
|
|
__func__, ssh_err(r)); |
__func__, ssh_err(r)); |
goto out; |
goto out; |
} |
} |
|
/* |
|
* For RSA keys, prefer to use the signature type negotiated |
|
* during KEX to the default (SHA1). |
|
*/ |
|
use_kexsigtype = kexsigtype == KEY_RSA && |
|
sshkey_type_plain(ctx->keys[i]->type) == KEY_RSA; |
if ((r = sshkey_verify(ctx->keys[i], sig, siglen, |
if ((r = sshkey_verify(ctx->keys[i], sig, siglen, |
sshbuf_ptr(signdata), sshbuf_len(signdata), |
sshbuf_ptr(signdata), sshbuf_len(signdata), |
ssh->kex->hostkey_alg, 0)) != 0) { |
use_kexsigtype ? ssh->kex->hostkey_alg : NULL, 0)) != 0) { |
error("%s: server gave bad signature for %s key %zu", |
error("%s: server gave bad signature for %s key %zu", |
__func__, sshkey_type(ctx->keys[i]), i); |
__func__, sshkey_type(ctx->keys[i]), i); |
goto out; |
goto out; |
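Review bot: In the last hunk, `use_kexsigtype` is true only when both the KEX host key and the offered key are RSA, so an RSA key offered on a connection whose KEX host key was not RSA is passed to `sshkey_verify` with a NULL algorithm, which by the new comment's wording means the default (SHA1) signature type. What `sshkey_verify` does with NULL is not visible here, so this is inferred from the comment; if it holds, RSA host keys learned through this path are still accepted on the weaker hash. I would at least record that case in the comment, e.g. `* When KEX used a non-RSA host key there is no negotiated RSA type, so the default applies.`, and consider logging or refusing default-type RSA signatures at that point. The enclosing function starts and ends outside the visible hunks.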