version 1.184, 2018/07/10 09:13:30 |
version 1.185, 2018/07/11 18:53:29 |
|
|
#include "atomicio.h" |
#include "atomicio.h" |
#include "xmalloc.h" |
#include "xmalloc.h" |
#include "ssh.h" |
#include "ssh.h" |
#include "key.h" |
#include "sshkey.h" |
#include "sshbuf.h" |
#include "sshbuf.h" |
#include "hostfile.h" |
#include "hostfile.h" |
#include "auth.h" |
#include "auth.h" |
|
|
char *alg = NULL; |
char *alg = NULL; |
size_t datlen, siglen, alglen; |
size_t datlen, siglen, alglen; |
int r, is_proof = 0; |
int r, is_proof = 0; |
u_int keyid; |
u_int keyid, compat; |
const char proof_req[] = "hostkeys-prove-00@openssh.com"; |
const char proof_req[] = "hostkeys-prove-00@openssh.com"; |
|
|
debug3("%s", __func__); |
debug3("%s", __func__); |
|
|
if ((r = sshbuf_get_u32(m, &keyid)) != 0 || |
if ((r = sshbuf_get_u32(m, &keyid)) != 0 || |
(r = sshbuf_get_string(m, &p, &datlen)) != 0 || |
(r = sshbuf_get_string(m, &p, &datlen)) != 0 || |
(r = sshbuf_get_cstring(m, &alg, &alglen)) != 0) |
(r = sshbuf_get_cstring(m, &alg, &alglen)) != 0 || |
|
(r = sshbuf_get_u32(m, &compat)) != 0) |
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
if (keyid > INT_MAX) |
if (keyid > INT_MAX) |
fatal("%s: invalid key ID", __func__); |
fatal("%s: invalid key ID", __func__); |
|
|
|
|
if ((key = get_hostkey_by_index(keyid)) != NULL) { |
if ((key = get_hostkey_by_index(keyid)) != NULL) { |
if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg, |
if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg, |
datafellows)) != 0) |
compat)) != 0) |
fatal("%s: sshkey_sign failed: %s", |
fatal("%s: sshkey_sign failed: %s", |
__func__, ssh_err(r)); |
__func__, ssh_err(r)); |
} else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL && |
} else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL && |
auth_sock > 0) { |
auth_sock > 0) { |
if ((r = ssh_agent_sign(auth_sock, key, &signature, &siglen, |
if ((r = ssh_agent_sign(auth_sock, key, &signature, &siglen, |
p, datlen, alg, datafellows)) != 0) { |
p, datlen, alg, compat)) != 0) { |
fatal("%s: ssh_agent_sign failed: %s", |
fatal("%s: ssh_agent_sign failed: %s", |
__func__, ssh_err(r)); |
__func__, ssh_err(r)); |
} |
} |
|
|
|
|
if (key != NULL && authctxt->valid) { |
if (key != NULL && authctxt->valid) { |
/* These should not make it past the privsep child */ |
/* These should not make it past the privsep child */ |
if (key_type_plain(key->type) == KEY_RSA && |
if (sshkey_type_plain(key->type) == KEY_RSA && |
(datafellows & SSH_BUG_RSASIGMD5) != 0) |
(datafellows & SSH_BUG_RSASIGMD5) != 0) |
fatal("%s: passed a SSH_BUG_RSASIGMD5 key", __func__); |
fatal("%s: passed a SSH_BUG_RSASIGMD5 key", __func__); |
|
|