Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / 00ed75c92d1f95fe50032835106c368fa22f0f02^! / . / monitor.c
commit00ed75c92d1f95fe50032835106c368fa22f0f02[log] [tgz]
authormarkus@openbsd.org <markus@openbsd.org>Tue May 30 14:10:53 2017 +0000
committerDamien Miller <djm@mindrot.org>Wed May 31 10:47:31 2017 +1000
treef66d7d747d708528011ae1d7ca553b39ed63bd82
parent54d90ace1d3535b44d92a8611952dc109a74a031 [diff] [blame]
upstream commit

switch auth2-pubkey.c to modern APIs; with & ok djm@

Upstream-ID: 8f08d4316eb1b0c4ffe4a206c05cdd45ed1daf07

diff --git a/monitor.c b/monitor.c
index cd40893..2dee972 100644
--- a/monitor.c
+++ b/monitor.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.168 2017/05/30 08:52:19 markus Exp $ */
+/* $OpenBSD: monitor.c,v 1.169 2017/05/30 14:10:53 markus Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1330,25 +1330,25 @@
 }
 
 int
-mm_answer_keyverify(int sock, Buffer *m)
+mm_answer_keyverify(int sock, struct sshbuf *m)
 {
 	struct sshkey *key;
 	u_char *signature, *data, *blob;
-	u_int signaturelen, datalen, bloblen;
-	int verified = 0;
-	int valid_data = 0;
+	size_t signaturelen, datalen, bloblen;
+	int r, ret, valid_data = 0, encoded_ret;
 
-	blob = buffer_get_string(m, &bloblen);
-	signature = buffer_get_string(m, &signaturelen);
-	data = buffer_get_string(m, &datalen);
+	if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||
+	    (r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 ||
+	    (r = sshbuf_get_string(m, &data, &datalen)) != 0)
+		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 
 	if (hostbased_cuser == NULL || hostbased_chost == NULL ||
 	  !monitor_allowed_key(blob, bloblen))
 		fatal("%s: bad key, not previously allowed", __func__);
 
-	key = key_from_blob(blob, bloblen);
-	if (key == NULL)
-		fatal("%s: bad public key blob", __func__);
+	/* XXX use sshkey_froms here; need to change key_blob, etc. */
+	if ((r = sshkey_from_blob(blob, bloblen, &key)) != 0)
+		fatal("%s: bad public key blob: %s", __func__, ssh_err(r));
 
 	switch (key_blobtype) {
 	case MM_USERKEY:
@@ -1365,15 +1365,16 @@
 	if (!valid_data)
 		fatal("%s: bad signature data blob", __func__);
 
-	verified = key_verify(key, signature, signaturelen, data, datalen);
+	ret = sshkey_verify(key, signature, signaturelen, data, datalen,
+	    active_state->compat);
 	debug3("%s: key %p signature %s",
-	    __func__, key, (verified == 1) ? "verified" : "unverified");
+	    __func__, key, (ret == 0) ? "verified" : "unverified");
 
 	/* If auth was successful then record key to ensure it isn't reused */
-	if (verified == 1 && key_blobtype == MM_USERKEY)
+	if (ret == 0 && key_blobtype == MM_USERKEY)
 		auth2_record_userkey(authctxt, key);
 	else
-		key_free(key);
+		sshkey_free(key);
 
 	free(blob);
 	free(signature);
@@ -1383,11 +1384,15 @@
 
 	monitor_reset_key_state();
 
-	buffer_clear(m);
-	buffer_put_int(m, verified);
+	sshbuf_reset(m);
+
+	/* encode ret != 0 as positive integer, since we're sending u32 */
+	encoded_ret = (ret != 0);
+	if ((r = sshbuf_put_u32(m, encoded_ret)) != 0)
+		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 	mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m);
 
-	return (verified == 1);
+	return ret == 0;
 }
 
 static void