=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshsig.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- src/usr.bin/ssh/sshsig.c 2019/10/31 21:23:19 1.7 +++ src/usr.bin/ssh/sshsig.c 2019/11/25 00:51:37 1.8 @@ -284,7 +284,7 @@ static int sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg, const struct sshbuf *h_message, const char *expect_namespace, - struct sshkey **sign_keyp) + struct sshkey **sign_keyp, struct sshkey_sig_details **sig_details) { int r = SSH_ERR_INTERNAL_ERROR; struct sshbuf *buf = NULL, *toverify = NULL; @@ -294,6 +294,8 @@ size_t siglen; debug("%s: verify message length %zu", __func__, sshbuf_len(h_message)); + if (sig_details != NULL) + *sig_details = NULL; if (sign_keyp != NULL) *sign_keyp = NULL; @@ -359,7 +361,7 @@ } } if ((r = sshkey_verify(key, sig, siglen, sshbuf_ptr(toverify), - sshbuf_len(toverify), NULL, 0)) != 0) { + sshbuf_len(toverify), NULL, 0, sig_details)) != 0) { error("Signature verification failed: %s", ssh_err(r)); goto done; } @@ -451,15 +453,17 @@ int sshsig_verifyb(struct sshbuf *signature, const struct sshbuf *message, - const char *expect_namespace, struct sshkey **sign_keyp) + const char *expect_namespace, struct sshkey **sign_keyp, + struct sshkey_sig_details **sig_details) { struct sshbuf *b = NULL; int r = SSH_ERR_INTERNAL_ERROR; char *hashalg = NULL; + if (sig_details != NULL) + *sig_details = NULL; if (sign_keyp != NULL) *sign_keyp = NULL; - if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0) return r; debug("%s: signature made with hash \"%s\"", __func__, hashalg); @@ -468,7 +472,7 @@ goto out; } if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace, - sign_keyp)) != 0) + sign_keyp, sig_details)) != 0) goto out; /* success */ r = 0; 
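Review bot: The new `sig_details` out-parameter on sshsig_wrap_verify() has no stated contract, and the same holds for the matching additions to sshsig_verifyb() (hunk at -451) and sshsig_verify_fd() (hunk at -577). These signatures do not tell a caller whether NULL is accepted, who frees the returned object, or whether it means anything when the return value is non-zero. I would add a comment above each definition such as `/* *sig_details, if requested, is set only when 0 is returned; the caller owns it and must free it */`, after confirming the ownership against sshkey_verify(). The function bodies continue outside these hunks.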
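Review bot: On the failure branch of the sshkey_verify() call, nothing visible in this hunk guarantees that `*sig_details` is still NULL when `goto done` is taken; that depends on sshkey_verify(), which is not part of this diff. A caller that reads the details without first checking the return value would then be acting on data from a signature that did not verify. If sshkey_verify() does not clear its output on error, this branch should release and reset it before `goto done`; if it does, a one-line comment such as `/* sshkey_verify() leaves *sig_details NULL on failure */` records the assumption. The rest of sshsig_wrap_verify() after this call is outside the hunk, so any later failure path that follows a successful verify deserves the same check.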
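Review bot: sshsig_verifyb() now returns the signature details to its caller, but nothing in this file evaluates them, so any policy that depends on them falls to each call site, and a caller passing NULL for `sig_details` discards them silently. struct sshkey_sig_details is not defined on this page; if it carries authenticator state for hardware-backed keys, as the name suggests, callers verifying such signatures need to request and check it rather than pass NULL. The same applies to sshsig_verify_fd() in the hunk at -577. Separately, both hunks drop the blank line between the output-parameter initialisation and the `sshsig_peek_hashalg()` call; keeping it would leave the preamble visually separate from the first call that can fail. The body of sshsig_verifyb() continues past this hunk.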
@@ -577,15 +581,17 @@ int sshsig_verify_fd(struct sshbuf *signature, int fd, - const char *expect_namespace, struct sshkey **sign_keyp) + const char *expect_namespace, struct sshkey **sign_keyp, + struct sshkey_sig_details **sig_details) { struct sshbuf *b = NULL; int r = SSH_ERR_INTERNAL_ERROR; char *hashalg = NULL; + if (sig_details != NULL) + *sig_details = NULL; if (sign_keyp != NULL) *sign_keyp = NULL; - if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0) return r; debug("%s: signature made with hash \"%s\"", __func__, hashalg); @@ -594,7 +600,7 @@ goto out; } if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace, - sign_keyp)) != 0) + sign_keyp, sig_details)) != 0) goto out; /* success */ r = 0;