Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:GA
gpg2.25591
gnupg-gpg-agent-ssh-agent.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File gnupg-gpg-agent-ssh-agent.patch of Package gpg2.25591
Index: gnupg-2.2.5/agent/command-ssh.c =================================================================== --- gnupg-2.2.5.orig/agent/command-ssh.c +++ gnupg-2.2.5/agent/command-ssh.c @@ -27,8 +27,8 @@ RFC-4253 - Transport Layer Protocol RFC-5656 - ECC support - The protocol for the agent is defined in OpenSSH's PROTOCL.agent - file. + The protocol for the agent is defined in: + https://tools.ietf.org/html/draft-miller-ssh-agent */ #include <config.h> @@ -83,6 +83,8 @@ /* Other constants. */ #define SSH_DSA_SIGNATURE_PADDING 20 #define SSH_DSA_SIGNATURE_ELEMS 2 +#define SSH_AGENT_RSA_SHA2_256 0x02 +#define SSH_AGENT_RSA_SHA2_512 0x04 #define SPEC_FLAG_USE_PKCS1V2 (1 << 0) #define SPEC_FLAG_IS_ECDSA (1 << 1) #define SPEC_FLAG_IS_EdDSA (1 << 2) /*(lowercase 'd' on purpose.)*/ @@ -2860,7 +2862,6 @@ ssh_handler_sign_request (ctrl_t ctrl, e unsigned char *sig = NULL; size_t sig_n; u32 data_size; - u32 flags; gpg_error_t err; gpg_error_t ret_err; int hash_algo; @@ -2880,10 +2881,39 @@ ssh_handler_sign_request (ctrl_t ctrl, e if (err) goto out; - /* FIXME? */ - err = stream_read_uint32 (request, &flags); - if (err) - goto out; + /* Flag processing. */ + { + u32 flags; + + err = stream_read_uint32 (request, &flags); + if (err) + goto out; + + if (spec.algo == GCRY_PK_RSA) + { + if ((flags & SSH_AGENT_RSA_SHA2_512)) + { + flags &= ~SSH_AGENT_RSA_SHA2_512; + spec.ssh_identifier = "rsa-sha2-512"; + spec.hash_algo = GCRY_MD_SHA512; + } + if ((flags & SSH_AGENT_RSA_SHA2_256)) + { + /* Note: We prefer SHA256 over SHA512. */ + flags &= ~SSH_AGENT_RSA_SHA2_256; + spec.ssh_identifier = "rsa-sha2-256"; + spec.hash_algo = GCRY_MD_SHA256; + } + } + + /* Some flag is present that we do not know about. Note that + * processed or known flags have been cleared at this point. */ + if (flags) + { + err = gpg_error (GPG_ERR_UNKNOWN_OPTION); + goto out; + } + } hash_algo = spec.hash_algo; if (!hash_algo)
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor