src/usr.bin/ssh/sshkey.c - diff

Return to sshkey.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/sshkey.c between version 1.27 and 1.28

version 1.27, 2015/11/19 01:08:55

version 1.28, 2015/12/04 16:41:28

Line 79

int type;

int nid;

int cert;

int sigonly;

};

static const struct keytype keytypes[] = {

{ "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0 },

{ "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0, 0 },

{ "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT",

KEY_ED25519_CERT, 0, 1 },

KEY_ED25519_CERT, 0, 1, 0 },

#ifdef WITH_OPENSSL

{ NULL, "RSA1", KEY_RSA1, 0, 0 },

{ NULL, "RSA1", KEY_RSA1, 0, 0, 0 },

{ "ssh-rsa", "RSA", KEY_RSA, 0, 0 },

{ "ssh-rsa", "RSA", KEY_RSA, 0, 0, 0 },

{ "ssh-dss", "DSA", KEY_DSA, 0, 0 },

{ "rsa-sha2-256", "RSA", KEY_RSA, 0, 0, 1 },

{ "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0 },

{ "rsa-sha2-512", "RSA", KEY_RSA, 0, 0, 1 },

{ "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0 },

{ "ssh-dss", "DSA", KEY_DSA, 0, 0, 0 },

{ "ecdsa-sha2-nistp521", "ECDSA", KEY_ECDSA, NID_secp521r1, 0 },

{ "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0, 0 },

{ "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", KEY_RSA_CERT, 0, 1 },

{ "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0, 0 },

{ "ssh-dss-cert-v01@openssh.com", "DSA-CERT", KEY_DSA_CERT, 0, 1 },

{ "ecdsa-sha2-nistp521", "ECDSA", KEY_ECDSA, NID_secp521r1, 0, 0 },

{ "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", KEY_RSA_CERT, 0, 1, 0 },

{ "ssh-dss-cert-v01@openssh.com", "DSA-CERT", KEY_DSA_CERT, 0, 1, 0 },

{ "ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-CERT",

KEY_ECDSA_CERT, NID_X9_62_prime256v1, 1 },

KEY_ECDSA_CERT, NID_X9_62_prime256v1, 1, 0 },

{ "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT",

KEY_ECDSA_CERT, NID_secp384r1, 1 },

KEY_ECDSA_CERT, NID_secp384r1, 1, 0 },

{ "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT",

KEY_ECDSA_CERT, NID_secp521r1, 1 },

KEY_ECDSA_CERT, NID_secp521r1, 1, 0 },

#endif /* WITH_OPENSSL */

{ NULL, NULL, -1, -1, 0 }

{ NULL, NULL, -1, -1, 0, 0 }

};

const char *

Line 188

Line 191

const struct keytype *kt;

for (kt = keytypes; kt->type != -1; kt++) {

if (kt->name == NULL)

if (kt->name == NULL || kt->sigonly)

continue;

if ((certs_only && !kt->cert) || (plain_only && kt->cert))

continue;

Line 2136

Line 2139

int

sshkey_sign(const struct sshkey *key,

u_char **sigp, size_t *lenp,

const u_char *data, size_t datalen, u_int compat)

const u_char *data, size_t datalen, const char *alg, u_int compat)

{

if (sigp != NULL)

*sigp = NULL;

Line 2154

Line 2157

return ssh_ecdsa_sign(key, sigp, lenp, data, datalen, compat);

case KEY_RSA_CERT:

case KEY_RSA:

return ssh_rsa_sign(key, sigp, lenp, data, datalen, compat);

return ssh_rsa_sign(key, sigp, lenp, data, datalen, alg);

#endif /* WITH_OPENSSL */

case KEY_ED25519:

case KEY_ED25519_CERT:

Line 2184

Line 2187

return ssh_ecdsa_verify(key, sig, siglen, data, dlen, compat);

case KEY_RSA_CERT:

case KEY_RSA:

return ssh_rsa_verify(key, sig, siglen, data, dlen, compat);

return ssh_rsa_verify(key, sig, siglen, data, dlen);

#endif /* WITH_OPENSSL */

case KEY_ED25519:

case KEY_ED25519_CERT:

Line 2414

Line 2417

/* Sign the whole mess */

if ((ret = sshkey_sign(ca, &sig_blob, &sig_len, sshbuf_ptr(cert),

sshbuf_len(cert), 0)) != 0)

sshbuf_len(cert), NULL, 0)) != 0)

goto out;

/* Append signature and we are done */