
Diff for /src/usr.bin/ssh/sshkey.c between version 1.64 and 1.65

version 1.64, 2018/03/22 07:05:48 version 1.65, 2018/07/03 11:39:54
Line 79 
Line 79 
 struct keytype {  struct keytype {
         const char *name;          const char *name;
         const char *shortname;          const char *shortname;
           const char *sigalg;
         int type;          int type;
         int nid;          int nid;
         int cert;          int cert;
         int sigonly;          int sigonly;
 };  };
 static const struct keytype keytypes[] = {  static const struct keytype keytypes[] = {
         { "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0, 0 },          { "ssh-ed25519", "ED25519", NULL, KEY_ED25519, 0, 0, 0 },
         { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT",          { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT", NULL,
             KEY_ED25519_CERT, 0, 1, 0 },              KEY_ED25519_CERT, 0, 1, 0 },
 #ifdef WITH_XMSS  #ifdef WITH_XMSS
         { "ssh-xmss@openssh.com", "XMSS", KEY_XMSS, 0, 0, 0 },          { "ssh-xmss@openssh.com", "XMSS", NULL, KEY_XMSS, 0, 0, 0 },
         { "ssh-xmss-cert-v01@openssh.com", "XMSS-CERT",          { "ssh-xmss-cert-v01@openssh.com", "XMSS-CERT", NULL,
             KEY_XMSS_CERT, 0, 1, 0 },              KEY_XMSS_CERT, 0, 1, 0 },
 #endif /* WITH_XMSS */  #endif /* WITH_XMSS */
 #ifdef WITH_OPENSSL  #ifdef WITH_OPENSSL
         { "ssh-rsa", "RSA", KEY_RSA, 0, 0, 0 },          { "ssh-rsa", "RSA", NULL, KEY_RSA, 0, 0, 0 },
         { "rsa-sha2-256", "RSA", KEY_RSA, 0, 0, 1 },          { "rsa-sha2-256", "RSA", NULL, KEY_RSA, 0, 0, 1 },
         { "rsa-sha2-512", "RSA", KEY_RSA, 0, 0, 1 },          { "rsa-sha2-512", "RSA", NULL, KEY_RSA, 0, 0, 1 },
         { "ssh-dss", "DSA", KEY_DSA, 0, 0, 0 },          { "ssh-dss", "DSA", NULL, KEY_DSA, 0, 0, 0 },
         { "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0, 0 },          { "ecdsa-sha2-nistp256", "ECDSA", NULL,
         { "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0, 0 },              KEY_ECDSA, NID_X9_62_prime256v1, 0, 0 },
         { "ecdsa-sha2-nistp521", "ECDSA", KEY_ECDSA, NID_secp521r1, 0, 0 },          { "ecdsa-sha2-nistp384", "ECDSA", NULL,
         { "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", KEY_RSA_CERT, 0, 1, 0 },              KEY_ECDSA, NID_secp384r1, 0, 0 },
         { "ssh-dss-cert-v01@openssh.com", "DSA-CERT", KEY_DSA_CERT, 0, 1, 0 },          { "ecdsa-sha2-nistp521", "ECDSA", NULL,
         { "ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-CERT",              KEY_ECDSA, NID_secp521r1, 0, 0 },
           { "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", NULL,
               KEY_RSA_CERT, 0, 1, 0 },
           { "rsa-sha2-256-cert-v01@openssh.com", "RSA-CERT",
               "ssh-rsa-sha2-256", KEY_RSA_CERT, 0, 1, 1 },
           { "rsa-sha2-512-cert-v01@openssh.com", "RSA-CERT",
               "ssh-rsa-sha2-512", KEY_RSA_CERT, 0, 1, 1 },
           { "ssh-dss-cert-v01@openssh.com", "DSA-CERT", NULL,
               KEY_DSA_CERT, 0, 1, 0 },
           { "ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-CERT", NULL,
             KEY_ECDSA_CERT, NID_X9_62_prime256v1, 1, 0 },              KEY_ECDSA_CERT, NID_X9_62_prime256v1, 1, 0 },
         { "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT",          { "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT", NULL,
             KEY_ECDSA_CERT, NID_secp384r1, 1, 0 },              KEY_ECDSA_CERT, NID_secp384r1, 1, 0 },
         { "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT",          { "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT", NULL,
             KEY_ECDSA_CERT, NID_secp521r1, 1, 0 },             KEY_ECDSA_CERT, NID_secp521r1, 1, 0 },
 #endif /* WITH_OPENSSL */  #endif /* WITH_OPENSSL */
         { NULL, NULL, -1, -1, 0, 0 }          { NULL, NULL, NULL, -1, -1, 0, 0 }
 };  };
   
 const char *  const char *
Line 2160 
Line 2170 
         return r;          return r;
 }  }
   
 int  static int
 sshkey_sigtype(const u_char *sig, size_t siglen, char **sigtypep)  get_sigtype(const u_char *sig, size_t siglen, char **sigtypep)
 {  {
         int r;          int r;
         struct sshbuf *b = NULL;          struct sshbuf *b = NULL;
Line 2183 
Line 2193 
         free(sigtype);          free(sigtype);
         sshbuf_free(b);          sshbuf_free(b);
         return r;          return r;
   }
   
   /*
    * Returns the expected signature algorithm for a given public key algorithm.
    */
   static const char *
   sigalg_by_name(const char *name)
   {
           const struct keytype *kt;
   
           for (kt = keytypes; kt->type != -1; kt++) {
                   if (strcmp(kt->name, name) != 0)
                           continue;
                   if (kt->sigalg != NULL)
                           return kt->sigalg;
                   if (!kt->cert)
                           return kt->name;
                   return sshkey_ssh_name_from_type_nid(
                       sshkey_type_plain(kt->type), kt->nid);
           }
           return NULL;
   }
   
   /*
    * Verifies that the signature algorithm appearing inside the signature blob
    * matches that which was requested.
    */
   int
   sshkey_check_sigtype(const u_char *sig, size_t siglen,
       const char *requested_alg)
   {
           const char *expected_alg;
           char *sigtype = NULL;
           int r;
   
           if (requested_alg == NULL)
                   return 0;
           if ((expected_alg = sigalg_by_name(requested_alg)) == NULL)
                   return SSH_ERR_INVALID_ARGUMENT;
           if ((r = get_sigtype(sig, siglen, &sigtype)) != 0)
                   return r;
           r = strcmp(expected_alg, sigtype) == 0;
           free(sigtype);
           return r ? 0 : SSH_ERR_SIGN_ALG_UNSUPPORTED;
 }  }
   
 int  int
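Review bot: The two new RSA certificate rows in `keytypes[]` set `sigalg` to `"ssh-rsa-sha2-256"` and `"ssh-rsa-sha2-512"`, whereas the plain-key rows in the same table, and RFC 8332, spell these signature algorithms `"rsa-sha2-256"` and `"rsa-sha2-512"`. `sshkey_check_sigtype()` compares with an exact `strcmp(expected_alg, sigtype)`, so if the signature blob carries the RFC name (likely, though the middle of `get_sigtype()` lies outside the hunk) every signature requested under `rsa-sha2-*-cert-v01@openssh.com` would be rejected with `SSH_ERR_SIGN_ALG_UNSUPPORTED`. That fails closed rather than opening a bypass, but the entries should probably read `"rsa-sha2-256", KEY_RSA_CERT, 0, 1, 1 },` and `"rsa-sha2-512", KEY_RSA_CERT, 0, 1, 1 },`. Separately, the early `return 0` when `requested_alg == NULL` skips the comparison entirely, and a comment such as `/* no specific algorithm requested: skip the check */` would show that this is deliberate.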
