diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2018-07-03 13:20:25 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2018-07-03 23:26:47 +1000 |
| commit | b4d4eda633af433d20232cbf7e855ceac8b83fe5 (patch) | |
| tree | 40b912d5b34fcea72cf9de81fc19b4cb8f6c9864 | |
| parent | d78b75df4a57e0f92295f24298e5f2930e71c172 (diff) | |
| download | openssh-git-b4d4eda633af433d20232cbf7e855ceac8b83fe5.tar.gz | |
upstream: some finesse to fix RSA-SHA2 certificate authentication
for certs hosted in ssh-agent
OpenBSD-Commit-ID: e5fd5edd726137dda2d020e1cdebc464110a010f
| -rw-r--r-- | sshconnect2.c | 9 | ||||
| -rw-r--r-- | sshkey.c | 8 | ||||
| -rw-r--r-- | sshkey.h | 3 |
3 files changed, 12 insertions, 8 deletions
diff --git a/sshconnect2.c b/sshconnect2.c index ff3b0bed..db95cb21 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.273 2018/07/03 13:07:58 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.274 2018/07/03 13:20:25 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -996,7 +996,7 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, struct ssh *ssh) static char * key_sig_algorithm(struct ssh *ssh, const struct sshkey *key) { - char *allowed, *oallowed, *cp, *alg = NULL; + char *allowed, *oallowed, *cp, *tmp, *alg = NULL; /* * The signature algorithm will only differ from the key algorithm @@ -1020,7 +1020,10 @@ key_sig_algorithm(struct ssh *ssh, const struct sshkey *key) while ((cp = strsep(&allowed, ",")) != NULL) { if (sshkey_type_from_name(cp) != key->type) continue; - alg = match_list(cp, ssh->kex->server_sig_algs, NULL); + tmp = match_list(sshkey_sigalg_by_name(cp), ssh->kex->server_sig_algs, NULL); + if (tmp != NULL) + alg = xstrdup(cp); + free(tmp); if (alg != NULL) break; } @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.65 2018/07/03 11:39:54 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.66 2018/07/03 13:20:25 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -2244,8 +2244,8 @@ get_sigtype(const u_char *sig, size_t siglen, char **sigtypep) /* * Returns the expected signature algorithm for a given public key algorithm. */ -static const char * -sigalg_by_name(const char *name) +const char * +sshkey_sigalg_by_name(const char *name) { const struct keytype *kt; @@ -2276,7 +2276,7 @@ sshkey_check_sigtype(const u_char *sig, size_t siglen, if (requested_alg == NULL) return 0; - if ((expected_alg = sigalg_by_name(requested_alg)) == NULL) + if ((expected_alg = sshkey_sigalg_by_name(requested_alg)) == NULL) return SSH_ERR_INVALID_ARGUMENT; if ((r = get_sigtype(sig, siglen, &sigtype)) != 0) return r; @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.25 2018/07/03 11:39:54 djm Exp $ */ +/* $OpenBSD: sshkey.h,v 1.26 2018/07/03 13:20:25 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -196,6 +196,7 @@ int sshkey_sign(const struct sshkey *, u_char **, size_t *, int sshkey_verify(const struct sshkey *, const u_char *, size_t, const u_char *, size_t, const char *, u_int); int sshkey_check_sigtype(const u_char *, size_t, const char *); +const char *sshkey_sigalg_by_name(const char *); /* for debug */ void sshkey_dump_ec_point(const EC_GROUP *, const EC_POINT *); |