authorMarkus Friedl <markus@cvs.openbsd.org>2015-12-07 20:04:10 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2015-12-07 20:04:10 +0000
commit53e219cb7ddbe7fb59bb6cbc1ba3796421d665a6 (patch)
treea212e2da8fe48d2de0ca58c0bbe9e0ffe64b7ee4 /usr.bin/ssh/ssh-rsa.c
parentcdc05c6a7318671bc1d9eecb9269e9244152f706 (diff)
stricter encoding type checks for ssh-rsa; ok djm@
Diffstat (limited to 'usr.bin/ssh/ssh-rsa.c')
-rw-r--r--usr.bin/ssh/ssh-rsa.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/usr.bin/ssh/ssh-rsa.c b/usr.bin/ssh/ssh-rsa.c
index 38c2153119c..e7ed90626fe 100644
--- a/usr.bin/ssh/ssh-rsa.c
+++ b/usr.bin/ssh/ssh-rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-rsa.c,v 1.55 2015/12/04 16:41:28 markus Exp $ */
+/* $OpenBSD: ssh-rsa.c,v 1.56 2015/12/07 20:04:09 markus Exp $ */
/*
* Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org>
*
@@ -48,16 +48,12 @@ rsa_hash_alg_ident(int hash_alg)
static int
rsa_hash_alg_from_ident(const char *ident)
{
- if (ident == NULL || strlen(ident) == 0)
- return SSH_DIGEST_SHA1;
if (strcmp(ident, "ssh-rsa") == 0)
return SSH_DIGEST_SHA1;
if (strcmp(ident, "rsa-sha2-256") == 0)
return SSH_DIGEST_SHA256;
if (strcmp(ident, "rsa-sha2-512") == 0)
return SSH_DIGEST_SHA512;
- if (strncmp(ident, "ssh-rsa-cert", strlen("ssh-rsa-cert")) == 0)
- return SSH_DIGEST_SHA1;
return -1;
}
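Review bot: A NULL `ident` now reaches `strcmp()` in rsa_hash_alg_from_ident, so the helper dereferences a null pointer where it used to fall back to SHA-1. The ssh_rsa_sign hunk below checks for NULL before calling, but any other caller (none is visible in this diff) has to guarantee a non-NULL string itself. Keeping a strict guard as the first statement, `if (ident == NULL) return -1;`, preserves the tightening without the crash. At minimum the precondition should be stated above the function, e.g. `/* ident must be non-NULL; returns -1 for unrecognised names */`.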
@@ -92,7 +88,11 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
if (sigp != NULL)
*sigp = NULL;
- hash_alg = rsa_hash_alg_from_ident(alg_ident);
+ if (alg_ident == NULL || strlen(alg_ident) == 0 ||
+ strncmp(alg_ident, "ssh-rsa-cert", strlen("ssh-rsa-cert")) == 0)
+ hash_alg = SSH_DIGEST_SHA1;
+ else
+ hash_alg = rsa_hash_alg_from_ident(alg_ident);
if (key == NULL || key->rsa == NULL || hash_alg == -1 ||
sshkey_type_plain(key->type) != KEY_RSA ||
BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
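Review bot: The `strncmp(alg_ident, "ssh-rsa-cert", strlen("ssh-rsa-cert"))` test in ssh_rsa_sign is a prefix match, so any identifier that merely begins with `ssh-rsa-cert` selects SHA-1, which is looser than the exact `strcmp` matching kept in rsa_hash_alg_from_ident. If only the certificate key type name is meant, an exact comparison against that name would fit the "stricter" intent better; whether the set of certificate names is fixed is not shown in this diff. The NULL and empty-string fallback to `SSH_DIGEST_SHA1` also deserves a one-line comment such as `/* no algorithm requested, or cert key type name: legacy SHA-1 signature */`, so a later reader does not mistake the silent SHA-1 default for an oversight. ssh_rsa_sign starts and ends outside the hunk.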