tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upstream: some finesse to fix RSA-SHA2 certificate authentication 

for certs hosted in ssh-agent

OpenBSD-Commit-ID: e5fd5edd726137dda2d020e1cdebc464110a010f
This commit is contained in:
djm@openbsd.org 2018-07-03 13:20:25 +00:00 committed by Damien Miller
parent d78b75df4a
commit b4d4eda633
3 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
sshconnect2.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshconnect2.c,v 1.273 2018/07/03 13:07:58 djm Exp $ */ /* $OpenBSD: sshconnect2.c,v 1.274 2018/07/03 13:20:25 djm Exp $ */
/* /*
* Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved.
@ -996,7 +996,7 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, struct ssh *ssh)
static char * static char *
key_sig_algorithm(struct ssh *ssh, const struct sshkey *key) key_sig_algorithm(struct ssh *ssh, const struct sshkey *key)
{ {
char *allowed, *oallowed, *cp, *alg = NULL; char *allowed, *oallowed, *cp, *tmp, *alg = NULL;
/* /*
* The signature algorithm will only differ from the key algorithm * The signature algorithm will only differ from the key algorithm
@ -1020,7 +1020,10 @@ key_sig_algorithm(struct ssh *ssh, const struct sshkey *key)
while ((cp = strsep(&allowed, ",")) != NULL) { while ((cp = strsep(&allowed, ",")) != NULL) {
if (sshkey_type_from_name(cp) != key->type) if (sshkey_type_from_name(cp) != key->type)
continue; continue;
alg = match_list(cp, ssh->kex->server_sig_algs, NULL); tmp = match_list(sshkey_sigalg_by_name(cp), ssh->kex->server_sig_algs, NULL);
if (tmp != NULL)
alg = xstrdup(cp);
free(tmp);
if (alg != NULL) if (alg != NULL)
break; break;
} }

8
sshkey.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshkey.c,v 1.65 2018/07/03 11:39:54 djm Exp $ */ /* $OpenBSD: sshkey.c,v 1.66 2018/07/03 13:20:25 djm Exp $ */
/* /*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Alexander von Gernler. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@ -2244,8 +2244,8 @@ get_sigtype(const u_char *sig, size_t siglen, char **sigtypep)
/* /*
* Returns the expected signature algorithm for a given public key algorithm. * Returns the expected signature algorithm for a given public key algorithm.
*/ */
static const char * const char *
sigalg_by_name(const char *name) sshkey_sigalg_by_name(const char *name)
{ {
const struct keytype *kt; const struct keytype *kt;
@ -2276,7 +2276,7 @@ sshkey_check_sigtype(const u_char *sig, size_t siglen,
if (requested_alg == NULL) if (requested_alg == NULL)
return 0; return 0;
if ((expected_alg = sigalg_by_name(requested_alg)) == NULL) if ((expected_alg = sshkey_sigalg_by_name(requested_alg)) == NULL)
return SSH_ERR_INVALID_ARGUMENT; return SSH_ERR_INVALID_ARGUMENT;
if ((r = get_sigtype(sig, siglen, &sigtype)) != 0) if ((r = get_sigtype(sig, siglen, &sigtype)) != 0)
return r; return r;

3
sshkey.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshkey.h,v 1.25 2018/07/03 11:39:54 djm Exp $ */ /* $OpenBSD: sshkey.h,v 1.26 2018/07/03 13:20:25 djm Exp $ */
/* /*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@ -196,6 +196,7 @@ int sshkey_sign(const struct sshkey *, u_char **, size_t *,
int sshkey_verify(const struct sshkey *, const u_char *, size_t, int sshkey_verify(const struct sshkey *, const u_char *, size_t,
const u_char *, size_t, const char *, u_int); const u_char *, size_t, const char *, u_int);
int sshkey_check_sigtype(const u_char *, size_t, const char *); int sshkey_check_sigtype(const u_char *, size_t, const char *);
const char *sshkey_sigalg_by_name(const char *);
/* for debug */ /* for debug */
void sshkey_dump_ec_point(const EC_GROUP *, const EC_POINT *); void sshkey_dump_ec_point(const EC_GROUP *, const EC_POINT *);