author | 2018-07-03 13:20:25 +0000 | |
---|---|---|
committer | 2018-07-03 13:20:25 +0000 | |
commit | d443285fb583f28c1e5ba1b3f0dc5405648b7e71 (patch) | |
tree | 9a80bce72fe66ede9fad1fa45b177782f297aaf8 | |
parent | check correct variable; unbreak agent keys (diff) | |
some finesse to fix RSA-SHA2 certificate authentication for certs
hosted in ssh-agent
-rw-r--r-- | usr.bin/ssh/sshconnect2.c | 9 | ||||
-rw-r--r-- | usr.bin/ssh/sshkey.c | 8 | ||||
-rw-r--r-- | usr.bin/ssh/sshkey.h | 3 |
3 files changed, 12 insertions, 8 deletions
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index 4593494cea2..45b91166af5 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.273 2018/07/03 13:07:58 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.274 2018/07/03 13:20:25 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -988,7 +988,7 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, struct ssh *ssh)
 static char *
 key_sig_algorithm(struct ssh *ssh, const struct sshkey *key)
 {
- char *allowed, *oallowed, *cp, *alg = NULL;
+ char *allowed, *oallowed, *cp, *tmp, *alg = NULL;
 /*
 * The signature algorithm will only differ from the key algorithm
@@ -1012,7 +1012,10 @@ key_sig_algorithm(struct ssh *ssh, const struct sshkey *key)
 while ((cp = strsep(&allowed, ",")) != NULL) {
 if (sshkey_type_from_name(cp) != key->type)
 continue;
- alg = match_list(cp, ssh->kex->server_sig_algs, NULL);
+ tmp = match_list(sshkey_sigalg_by_name(cp), ssh->kex->server_sig_algs, NULL);
+ if (tmp != NULL)
+ alg = xstrdup(cp);
+ free(tmp);
 if (alg != NULL)
 break;
 }
diff --git a/usr.bin/ssh/sshkey.c b/usr.bin/ssh/sshkey.c
index e9c641ad3f7..a1d4b1e2e5a 100644
--- a/usr.bin/ssh/sshkey.c
+++ b/usr.bin/ssh/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.65 2018/07/03 11:39:54 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.66 2018/07/03 13:20:25 djm Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
 * Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@@ -2198,8 +2198,8 @@ get_sigtype(const u_char *sig, size_t siglen, char **sigtypep)
 /*
 * Returns the expected signature algorithm for a given public key algorithm.
 */
-static const char *
-sigalg_by_name(const char *name)
+const char *
+sshkey_sigalg_by_name(const char *name)
 {
 const struct keytype *kt;
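Review bot: In the `@@ -1012,7 +1012,10 @@` hunk of sshconnect2.c, the return value of `sshkey_sigalg_by_name(cp)` is passed straight to `match_list()` with no NULL check, although the other caller in this commit, `sshkey_check_sigtype()`, treats a NULL return as an error. The preceding `sshkey_type_from_name(cp) != key->type` filter may already exclude unknown names, but that holds only if both lookups accept exactly the same spellings, which is not visible here; `cp` is taken from the `allowed` list, whose origin is outside the hunk. I would guard it explicitly with `if ((sigalg = sshkey_sigalg_by_name(cp)) == NULL) continue;` followed by `tmp = match_list(sigalg, ssh->kex->server_sig_algs, NULL);`, adding `const char *sigalg` to the declarations. The body of key_sig_algorithm() starts and ends outside this hunk.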
@@ -2230,7 +2230,7 @@ sshkey_check_sigtype(const u_char *sig, size_t siglen,
 if (requested_alg == NULL)
 return 0;
- if ((expected_alg = sigalg_by_name(requested_alg)) == NULL)
+ if ((expected_alg = sshkey_sigalg_by_name(requested_alg)) == NULL)
 return SSH_ERR_INVALID_ARGUMENT;
 if ((r = get_sigtype(sig, siglen, &sigtype)) != 0)
 return r;
diff --git a/usr.bin/ssh/sshkey.h b/usr.bin/ssh/sshkey.h
index 023cc431437..75b36dc4742 100644
--- a/usr.bin/ssh/sshkey.h
+++ b/usr.bin/ssh/sshkey.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.h,v 1.25 2018/07/03 11:39:54 djm Exp $ */
+/* $OpenBSD: sshkey.h,v 1.26 2018/07/03 13:20:25 djm Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -190,6 +190,7 @@ int sshkey_sign(const struct sshkey *, u_char **, size_t *,
 int sshkey_verify(const struct sshkey *, const u_char *, size_t, const u_char *, size_t, const char *, u_int);
 int sshkey_check_sigtype(const u_char *, size_t, const char *);
+const char *sshkey_sigalg_by_name(const char *);
 /* for debug */
 void sshkey_dump_ec_point(const EC_GROUP *, const EC_POINT *); |
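Review bot: The prototype added to sshkey.h in the `@@ -190,6 +190,7 @@` hunk exports `sshkey_sigalg_by_name()` without stating its contract, and the comment kept above the definition in sshkey.c says only what it returns on success. `sshkey_check_sigtype()` handles a NULL return from it, so new callers need to know that an unrecognised name yields NULL. The `const char *` return type also suggests the caller must not free the result, though the function body is not visible here. I would add a comment above the declaration such as `/* Returns the signature algorithm for a key algorithm name; NULL if the name is unknown. */` and state the ownership rule once it is confirmed against the definition.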