From a79ee11be4b925f5eff4b1df27b8bc2dc5dab044 Mon Sep 17 00:00:00 2001 From: djm Date: Wed, 8 Mar 2023 00:05:37 +0000 Subject: [PATCH] use RSA/SHA256 when testing usability of private key; based on fix in bz3546 by Dmitry Belyavskiy; with/ok dtucker --- usr.bin/ssh/ssh-keygen.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c index 2091e6ee3d1..7900966402c 100644 --- a/usr.bin/ssh/ssh-keygen.c +++ b/usr.bin/ssh/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.465 2023/03/05 09:24:35 dtucker Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.466 2023/03/08 00:05:37 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -459,6 +459,7 @@ do_convert_private_ssh2(struct sshbuf *b) { struct sshkey *key = NULL; char *type, *cipher; + const char *alg = NULL; u_char e1, e2, e3, *sig = NULL, data[] = "abcde12345"; int r, rlen, ktype; u_int magic, i1, i2, i3, i4; @@ -567,6 +568,7 @@ do_convert_private_ssh2(struct sshbuf *b) if ((r = ssh_rsa_complete_crt_parameters(key, rsa_iqmp)) != 0) fatal_fr(r, "generate RSA parameters"); BN_clear_free(rsa_iqmp); + alg = "rsa-sha2-256"; break; } rlen = sshbuf_len(b); @@ -575,10 +577,10 @@ do_convert_private_ssh2(struct sshbuf *b) /* try the key */ if ((r = sshkey_sign(key, &sig, &slen, data, sizeof(data), - NULL, NULL, NULL, 0)) != 0) + alg, NULL, NULL, 0)) != 0) error_fr(r, "signing with converted key failed"); else if ((r = sshkey_verify(key, sig, slen, data, sizeof(data), - NULL, 0, NULL)) != 0) + alg, 0, NULL)) != 0) error_fr(r, "verification with converted key failed"); if (r != 0) { sshkey_free(key); -- 2.20.1