version 1.58, 2017/12/18 02:22:29 |
version 1.59, 2017/12/18 02:25:15 |
|
|
goto out; |
goto out; |
} |
} |
if ((ret = sshkey_verify(key->cert->signature_key, sig, slen, |
if ((ret = sshkey_verify(key->cert->signature_key, sig, slen, |
sshbuf_ptr(key->cert->certblob), signed_len, 0)) != 0) |
sshbuf_ptr(key->cert->certblob), signed_len, NULL, 0)) != 0) |
goto out; |
goto out; |
|
|
/* Success */ |
/* Success */ |
|
|
|
|
/* |
/* |
* ssh_key_verify returns 0 for a correct signature and < 0 on error. |
* ssh_key_verify returns 0 for a correct signature and < 0 on error. |
|
* If "alg" specified, then the signature must use that algorithm. |
*/ |
*/ |
int |
int |
sshkey_verify(const struct sshkey *key, |
sshkey_verify(const struct sshkey *key, |
const u_char *sig, size_t siglen, |
const u_char *sig, size_t siglen, |
const u_char *data, size_t dlen, u_int compat) |
const u_char *data, size_t dlen, const char *alg, u_int compat) |
{ |
{ |
if (siglen == 0 || dlen > SSH_KEY_MAX_SIGN_DATA_SIZE) |
if (siglen == 0 || dlen > SSH_KEY_MAX_SIGN_DATA_SIZE) |
return SSH_ERR_INVALID_ARGUMENT; |
return SSH_ERR_INVALID_ARGUMENT; |
|
|
return ssh_ecdsa_verify(key, sig, siglen, data, dlen, compat); |
return ssh_ecdsa_verify(key, sig, siglen, data, dlen, compat); |
case KEY_RSA_CERT: |
case KEY_RSA_CERT: |
case KEY_RSA: |
case KEY_RSA: |
return ssh_rsa_verify(key, sig, siglen, data, dlen); |
return ssh_rsa_verify(key, sig, siglen, data, dlen, alg); |
#endif /* WITH_OPENSSL */ |
#endif /* WITH_OPENSSL */ |
case KEY_ED25519: |
case KEY_ED25519: |
case KEY_ED25519_CERT: |
case KEY_ED25519_CERT: |
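Review bot: The new header comment on `sshkey_verify` promises more than the visible dispatch enforces. `alg` is forwarded only to `ssh_rsa_verify`, while the `ssh_ecdsa_verify` call a few lines above is unchanged and never receives it, so a mismatched `alg` would not be rejected for that key type. I would narrow the comment to `* If "alg" is non-NULL and the key is RSA, the signature must use that algorithm;` followed by `* other key types currently ignore it.`, or else make the non-RSA branches fail on a mismatch. The certificate-signature call site passes `NULL`, which appears to leave the CA's RSA signature algorithm unconstrained as before; a one-line comment there such as `/* alg == NULL: CA signature algorithm is not pinned here */` would record that this is deliberate. The case list continues past the last visible line, so the ED25519 branch may differ from what is shown.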