aboutsummaryrefslogtreecommitdiff
path: root/src/messages.c
diff options
context:
space:
mode:
authorJakub Jelen <jjelen@redhat.com>2018-07-03 15:53:44 +0200
committerAndreas Schneider <asn@cryptomilk.org>2018-08-31 14:18:34 +0200
commit60ad7ee15dc23c16d4827ee8eff7d228e13982cd (patch)
tree7c7ff31cea17e34acab9b767af8a4f7ab75eb034 /src/messages.c
parent5fe81e89fb0ce68cef0846a265900d3331396ae6 (diff)
downloadlibssh-60ad7ee15dc23c16d4827ee8eff7d228e13982cd.tar.gz
libssh-60ad7ee15dc23c16d4827ee8eff7d228e13982cd.tar.xz
libssh-60ad7ee15dc23c16d4827ee8eff7d228e13982cd.zip
messages: Create correct digest for pki signatures
This does not affect old signatures, where the public key algorithm matches the public key type. This is a problem when using SHA2 extension for the RSA keys, where the new signature algorithsm are introduced in addition to the exitsing ssh-rsa which was ignored throughout the code. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/messages.c')
-rw-r--r--src/messages.c15
1 files changed, 10 insertions, 5 deletions
diff --git a/src/messages.c b/src/messages.c
index 6fe87f78..8a469d41 100644
--- a/src/messages.c
+++ b/src/messages.c
@@ -645,7 +645,8 @@ error:
*/
static ssh_buffer ssh_msg_userauth_build_digest(ssh_session session,
ssh_message msg,
- const char *service)
+ const char *service,
+ ssh_string algo)
{
struct ssh_crypto_struct *crypto =
session->current_crypto ? session->current_crypto :
@@ -673,7 +674,7 @@ static ssh_buffer ssh_msg_userauth_build_digest(ssh_session session,
service,
"publickey", /* method */
1, /* has to be signed (true) */
- msg->auth_request.pubkey->type_c, /* pubkey algorithm */
+ ssh_string_get_char(algo), /* pubkey algorithm */
str); /* public key as a blob */
ssh_string_free(str);
@@ -785,13 +786,13 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_request){
if (rc != SSH_OK) {
goto error;
}
- ssh_string_free(algo);
- algo = NULL;
rc = ssh_pki_import_pubkey_blob(pubkey_blob, &msg->auth_request.pubkey);
ssh_string_free(pubkey_blob);
pubkey_blob = NULL;
if (rc < 0) {
+ ssh_string_free(algo);
+ algo = NULL;
goto error;
}
msg->auth_request.signature_state = SSH_PUBLICKEY_STATE_NONE;
@@ -804,10 +805,14 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_request){
if(sig_blob == NULL) {
SSH_LOG(SSH_LOG_PACKET, "Invalid signature packet from peer");
msg->auth_request.signature_state = SSH_PUBLICKEY_STATE_ERROR;
+ ssh_string_free(algo);
+ algo = NULL;
goto error;
}
- digest = ssh_msg_userauth_build_digest(session, msg, service);
+ digest = ssh_msg_userauth_build_digest(session, msg, service, algo);
+ ssh_string_free(algo);
+ algo = NULL;
if (digest == NULL) {
ssh_string_free(sig_blob);
SSH_LOG(SSH_LOG_PACKET, "Failed to get digest");