From 65d5eb9eddabb4fc22faf1e40c6372ef848696d6 Mon Sep 17 00:00:00 2001 From: djm Date: Thu, 6 Jan 2022 22:00:18 +0000 Subject: [PATCH] make ssh-keysign use the requested signature algorithm and not the default for the keytype. Part of unbreaking hostbased auth for RSA/SHA2 keys. ok markus@ --- usr.bin/ssh/ssh-keysign.c | 29 ++++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) diff --git a/usr.bin/ssh/ssh-keysign.c b/usr.bin/ssh/ssh-keysign.c index 1d7807ac651..ade85522ddd 100644 --- a/usr.bin/ssh/ssh-keysign.c +++ b/usr.bin/ssh/ssh-keysign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.69 2021/11/13 17:26:13 deraadt Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.70 2022/01/06 22:00:18 djm Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -57,7 +57,7 @@ extern char *__progname; static int -valid_request(struct passwd *pw, char *host, struct sshkey **ret, +valid_request(struct passwd *pw, char *host, struct sshkey **ret, char **pkalgp, u_char *data, size_t datalen) { struct sshbuf *b; @@ -70,6 +70,8 @@ valid_request(struct passwd *pw, char *host, struct sshkey **ret, if (ret != NULL) *ret = NULL; + if (pkalgp != NULL) + *pkalgp = NULL; fail = 0; if ((b = sshbuf_from(data, datalen)) == NULL) @@ -120,8 +122,6 @@ valid_request(struct passwd *pw, char *host, struct sshkey **ret, fail++; } else if (key->type != pktype) fail++; - free(pkalg); - free(pkblob); /* client host name, handle trailing dot */ if ((r = sshbuf_get_cstring(b, &p, &len)) != 0) @@ -152,8 +152,19 @@ valid_request(struct passwd *pw, char *host, struct sshkey **ret, if (fail) sshkey_free(key); - else if (ret != NULL) - *ret = key; + else { + if (ret != NULL) { + *ret = key; + key = NULL; + } + if (pkalgp != NULL) { + *pkalgp = pkalg; + pkalg = NULL; + } + } + sshkey_free(key); + free(pkalg); + free(pkblob); return (fail ? -1 : 0); } @@ -168,7 +179,7 @@ main(int argc, char **argv) struct passwd *pw; int r, key_fd[NUM_KEYTYPES], i, found, version = 2, fd; u_char *signature, *data, rver; - char *host, *fp; + char *host, *fp, *pkalg; size_t slen, dlen; if (pledge("stdio rpath getpw dns id", NULL) != 0) @@ -258,7 +269,7 @@ main(int argc, char **argv) if ((r = sshbuf_get_string(b, &data, &dlen)) != 0) fatal_r(r, "%s: buffer error", __progname); - if (valid_request(pw, host, &key, data, dlen) < 0) + if (valid_request(pw, host, &key, &pkalg, data, dlen) < 0) fatal("%s: not a valid request", __progname); free(host); @@ -279,7 +290,7 @@ main(int argc, char **argv) } if ((r = sshkey_sign(keys[i], &signature, &slen, data, dlen, - NULL, NULL, NULL, 0)) != 0) + pkalg, NULL, NULL, 0)) != 0) fatal_r(r, "%s: sshkey_sign failed", __progname); free(data); -- 2.20.1