shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-07 10:40:28 +09:00
Code Issues Packages Projects Releases Wiki Activity

pki: Separate signature extraction and verification

Browse Source 
Initial solution proposed by Tilo Eckert <tilo.eckert@flam.de>

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Jakub Jelen
2018-11-22 10:43:18 +01:00
committed by Andreas Schneider
parent 7f83a1efae
commit d2434c69c0
4 changed files with 34 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/packet_cb.c
View File

@@ -138,6 +138,7 @@ error:
SSH_PACKET_CALLBACK(ssh_packet_newkeys){
ssh_string sig_blob = NULL;
ssh_signature sig = NULL;
int rc;
(void)packet;
(void)user;
@@ -185,7 +186,12 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){
/* get the server public key */
server_key = ssh_dh_get_next_server_publickey(session);
if (server_key == NULL) {
return SSH_ERROR;
goto error;
}
rc = ssh_pki_import_signature_blob(sig_blob, server_key, &sig);
if (rc != SSH_OK) {
goto error;
}
/* check if public key from server matches user preferences */
@@ -202,13 +208,14 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){
}
}
rc = ssh_pki_signature_verify_blob(session,
sig_blob,
server_key,
session->next_crypto->secret_hash,
session->next_crypto->digest_len);
rc = ssh_pki_signature_verify(session,
sig,
server_key,
session->next_crypto->secret_hash,
session->next_crypto->digest_len);
ssh_string_burn(sig_blob);
ssh_string_free(sig_blob);
ssh_signature_free(sig);
sig_blob = NULL;
if (rc == SSH_ERROR) {
goto error;