version 1.81, 2019/07/16 13:18:39 |
version 1.82, 2019/09/03 08:31:20 |
|
|
struct sshbuf *buf, enum sshkey_serialize_rep); |
struct sshbuf *buf, enum sshkey_serialize_rep); |
static int sshkey_from_blob_internal(struct sshbuf *buf, |
static int sshkey_from_blob_internal(struct sshbuf *buf, |
struct sshkey **keyp, int allow_cert); |
struct sshkey **keyp, int allow_cert); |
static int get_sigtype(const u_char *sig, size_t siglen, char **sigtypep); |
|
|
|
/* Supported key types */ |
/* Supported key types */ |
struct keytype { |
struct keytype { |
|
|
if ((ret = sshkey_verify(key->cert->signature_key, sig, slen, |
if ((ret = sshkey_verify(key->cert->signature_key, sig, slen, |
sshbuf_ptr(key->cert->certblob), signed_len, NULL, 0)) != 0) |
sshbuf_ptr(key->cert->certblob), signed_len, NULL, 0)) != 0) |
goto out; |
goto out; |
if ((ret = get_sigtype(sig, slen, &key->cert->signature_type)) != 0) |
if ((ret = sshkey_get_sigtype(sig, slen, |
|
&key->cert->signature_type)) != 0) |
goto out; |
goto out; |
|
|
/* Success */ |
/* Success */ |
|
|
return r; |
return r; |
} |
} |
|
|
static int |
int |
get_sigtype(const u_char *sig, size_t siglen, char **sigtypep) |
sshkey_get_sigtype(const u_char *sig, size_t siglen, char **sigtypep) |
{ |
{ |
int r; |
int r; |
struct sshbuf *b = NULL; |
struct sshbuf *b = NULL; |
|
|
return 0; |
return 0; |
if ((expected_alg = sshkey_sigalg_by_name(requested_alg)) == NULL) |
if ((expected_alg = sshkey_sigalg_by_name(requested_alg)) == NULL) |
return SSH_ERR_INVALID_ARGUMENT; |
return SSH_ERR_INVALID_ARGUMENT; |
if ((r = get_sigtype(sig, siglen, &sigtype)) != 0) |
if ((r = sshkey_get_sigtype(sig, siglen, &sigtype)) != 0) |
return r; |
return r; |
r = strcmp(expected_alg, sigtype) == 0; |
r = strcmp(expected_alg, sigtype) == 0; |
free(sigtype); |
free(sigtype); |
|
|
sshbuf_len(cert), alg, 0, signer_ctx)) != 0) |
sshbuf_len(cert), alg, 0, signer_ctx)) != 0) |
goto out; |
goto out; |
/* Check and update signature_type against what was actually used */ |
/* Check and update signature_type against what was actually used */ |
if ((ret = get_sigtype(sig_blob, sig_len, &sigtype)) != 0) |
if ((ret = sshkey_get_sigtype(sig_blob, sig_len, &sigtype)) != 0) |
goto out; |
goto out; |
if (alg != NULL && strcmp(alg, sigtype) != 0) { |
if (alg != NULL && strcmp(alg, sigtype) != 0) { |
ret = SSH_ERR_SIGN_ALG_UNSUPPORTED; |
ret = SSH_ERR_SIGN_ALG_UNSUPPORTED; |
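Review bot: The newly exported `sshkey_get_sigtype()` has no comment stating its contract, which matters now that code outside this file can call it on signature blobs it did not produce. Judging by the visible callers, the string returned through `sigtypep` is heap-allocated and owned by the caller (`free(sigtype)` in the hunk that compares it with `expected_alg`), and because the function receives only the blob and its length it can only report the algorithm name the blob claims. I would add above the definition something like `/* Returns the algorithm name claimed by a signature blob in *sigtypep (caller frees); does not verify the signature. */`. The certificate-parsing hunk calls it only after `sshkey_verify()` has succeeded, and new callers should keep that order before using the name in any policy decision. The function body lies outside the visible hunks, so whether `*sigtypep` is cleared on failure should be confirmed and documented as well.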