aboutsummaryrefslogtreecommitdiff
path: root/src/packet_cb.c
diff options
context:
space:
mode:
authorJakub Jelen <jjelen@redhat.com>2018-11-22 10:43:18 +0100
committerAndreas Schneider <asn@cryptomilk.org>2018-11-30 16:21:18 +0100
commitd2434c69c008aa1cd3bd488ca6bc524da0e4ca3a (patch)
tree9c7e75f20d783734a4644dcd81cf1766ea62adb6 /src/packet_cb.c
parent7f83a1efae6a7da19e18268d6298fc11b4e68c57 (diff)
downloadlibssh-d2434c69c008aa1cd3bd488ca6bc524da0e4ca3a.tar.gz
libssh-d2434c69c008aa1cd3bd488ca6bc524da0e4ca3a.tar.xz
libssh-d2434c69c008aa1cd3bd488ca6bc524da0e4ca3a.zip
pki: Separate signature extraction and verification
Initial solution proposed by Tilo Eckert <tilo.eckert@flam.de> Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/packet_cb.c')
-rw-r--r--src/packet_cb.c19
1 files changed, 13 insertions, 6 deletions
diff --git a/src/packet_cb.c b/src/packet_cb.c
index 7e2902d3..e655c88d 100644
--- a/src/packet_cb.c
+++ b/src/packet_cb.c
@@ -138,6 +138,7 @@ error:
SSH_PACKET_CALLBACK(ssh_packet_newkeys){
ssh_string sig_blob = NULL;
+ ssh_signature sig = NULL;
int rc;
(void)packet;
(void)user;
@@ -185,7 +186,12 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){
/* get the server public key */
server_key = ssh_dh_get_next_server_publickey(session);
if (server_key == NULL) {
- return SSH_ERROR;
+ goto error;
+ }
+
+ rc = ssh_pki_import_signature_blob(sig_blob, server_key, &sig);
+ if (rc != SSH_OK) {
+ goto error;
}
/* check if public key from server matches user preferences */
@@ -202,13 +208,14 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){
}
}
- rc = ssh_pki_signature_verify_blob(session,
- sig_blob,
- server_key,
- session->next_crypto->secret_hash,
- session->next_crypto->digest_len);
+ rc = ssh_pki_signature_verify(session,
+ sig,
+ server_key,
+ session->next_crypto->secret_hash,
+ session->next_crypto->digest_len);
ssh_string_burn(sig_blob);
ssh_string_free(sig_blob);
+ ssh_signature_free(sig);
sig_blob = NULL;
if (rc == SSH_ERROR) {
goto error;