From 8265defcc424a6bcacc291ceb20581708d563c6f Mon Sep 17 00:00:00 2001 From: djm Date: Wed, 8 Mar 2023 00:05:58 +0000 Subject: [PATCH] use RSA/SHA256 when testing usability of private key in agent; with/ok dtucker --- usr.bin/ssh/ssh-add.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/usr.bin/ssh/ssh-add.c b/usr.bin/ssh/ssh-add.c index 03afd1d1df5..6af24882e6c 100644 --- a/usr.bin/ssh/ssh-add.c +++ b/usr.bin/ssh/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.166 2022/06/18 02:17:16 dtucker Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.167 2023/03/08 00:05:58 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -470,6 +470,7 @@ test_key(int agent_fd, const char *filename) { struct sshkey *key = NULL; u_char *sig = NULL; + const char *alg = NULL; size_t slen = 0; int r, ret = -1; char data[1024]; @@ -478,14 +479,16 @@ test_key(int agent_fd, const char *filename) error_r(r, "Couldn't read public key %s", filename); return -1; } + if (sshkey_type_plain(key->type) == KEY_RSA) + alg = "rsa-sha2-256"; arc4random_buf(data, sizeof(data)); if ((r = ssh_agent_sign(agent_fd, key, &sig, &slen, data, sizeof(data), - NULL, 0)) != 0) { + alg, 0)) != 0) { error_r(r, "Agent signature failed for %s", filename); goto done; } if ((r = sshkey_verify(key, sig, slen, data, sizeof(data), - NULL, 0, NULL)) != 0) { + alg, 0, NULL)) != 0) { error_r(r, "Signature verification failed for %s", filename); goto done; } -- 2.20.1