From 4668e1f3b8458a5748dae8d224fe246996df23b4 Mon Sep 17 00:00:00 2001 From: djm Date: Wed, 12 Sep 2018 01:32:54 +0000 Subject: [PATCH] add sshkey_check_cert_sigtype() that checks a cert->signature_type against a supplied whitelist; ok markus --- usr.bin/ssh/sshkey.c | 23 ++++++++++++++++++++++- usr.bin/ssh/sshkey.h | 3 ++- 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/usr.bin/ssh/sshkey.c b/usr.bin/ssh/sshkey.c index 9b88f11107d..997d107cec4 100644 --- a/usr.bin/ssh/sshkey.c +++ b/usr.bin/ssh/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.67 2018/09/12 01:31:30 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.68 2018/09/12 01:32:54 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -2214,6 +2214,27 @@ get_sigtype(const u_char *sig, size_t siglen, char **sigtypep) return r; } +/* + * + * Checks whether a certificate's signature type is allowed. + * Returns 0 (success) if the certificate signature type appears in the + * "allowed" pattern-list, or the key is not a certificate to begin with. + * Otherwise returns a ssherr.h code. + */ +int +sshkey_check_cert_sigtype(const struct sshkey *key, const char *allowed) +{ + if (key == NULL || allowed == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if (!sshkey_type_is_cert(key->type)) + return 0; + if (key->cert == NULL || key->cert->signature_type == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if (match_pattern_list(key->cert->signature_type, allowed, 0) != 1) + return SSH_ERR_SIGN_ALG_UNSUPPORTED; + return 0; +} + /* * Returns the expected signature algorithm for a given public key algorithm. */ diff --git a/usr.bin/ssh/sshkey.h b/usr.bin/ssh/sshkey.h index 1acf7f7cc38..2ee661648be 100644 --- a/usr.bin/ssh/sshkey.h +++ b/usr.bin/ssh/sshkey.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.27 2018/09/12 01:31:30 djm Exp $ */ +/* $OpenBSD: sshkey.h,v 1.28 2018/09/12 01:32:54 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -152,6 +152,7 @@ int sshkey_cert_check_authority(const struct sshkey *, int, int, const char *, const char **); size_t sshkey_format_cert_validity(const struct sshkey_cert *, char *, size_t) __attribute__((__bounded__(__string__, 2, 3))); +int sshkey_check_cert_sigtype(const struct sshkey *, const char *); int sshkey_certify(struct sshkey *, struct sshkey *, const char *); /* Variant allowing use of a custom signature function (e.g. for ssh-agent) */ -- 2.20.1