version 1.357, 2021/01/27 09:26:54 |
version 1.358, 2021/01/27 10:05:28 |
|
|
|
|
if ((signdata = sshbuf_new()) == NULL) |
if ((signdata = sshbuf_new()) == NULL) |
fatal_f("sshbuf_new failed"); |
fatal_f("sshbuf_new failed"); |
/* Don't want to accidentally accept an unbound signature */ |
|
if (ssh->kex->session_id_len == 0) |
|
fatal_f("ssh->kex->session_id_len == 0"); |
|
/* |
/* |
* Expect a signature for each of the ctx->nnew private keys we |
* Expect a signature for each of the ctx->nnew private keys we |
* haven't seen before. They will be in the same order as the |
* haven't seen before. They will be in the same order as the |
|
|
sshbuf_reset(signdata); |
sshbuf_reset(signdata); |
if ( (r = sshbuf_put_cstring(signdata, |
if ( (r = sshbuf_put_cstring(signdata, |
"hostkeys-prove-00@openssh.com")) != 0 || |
"hostkeys-prove-00@openssh.com")) != 0 || |
(r = sshbuf_put_string(signdata, ssh->kex->session_id, |
(r = sshbuf_put_stringb(signdata, |
ssh->kex->session_id_len)) != 0 || |
ssh->kex->session_id)) != 0 || |
(r = sshkey_puts(ctx->keys[i], signdata)) != 0) |
(r = sshkey_puts(ctx->keys[i], signdata)) != 0) |
fatal_fr(r, "compose signdata"); |
fatal_fr(r, "compose signdata"); |
/* Extract and verify signature */ |
/* Extract and verify signature */ |