upstream commit

pass negotiated signing algorithm though to sshkey_verify() and check that the negotiated algorithm matches the type in the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@ OpenBSD-Commit-ID: 735fb15bf4adc060d3bee9d047a4bcaaa81b1af9
author: djm@openbsd.org <djm@openbsd.org> 2017-12-18 02:25:15 +0000
committer: Damien Miller <djm@mindrot.org> 2017-12-19 15:21:37 +1100
commit: 04c7e28f83062dc42f2380d1bb3a6bf0190852c0 (patch)
tree: bc2c59d39a33aba84e0576039474668ada2546d2 /auth2-pubkey.c
parent: 931c78dfd7fe30669681a59e536bbe66535f3ee9 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 169839b01..0707b8ab3 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.71 2017/09/07 23:48:09 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.72 2017/12/18 02:25:15 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 *
@@ -198,7 +198,7 @@ userauth_pubkey(struct ssh *ssh)
                authenticated = 0;
                if (PRIVSEP(user_key_allowed(authctxt->pw, key, 1)) &&
                    PRIVSEP(sshkey_verify(key, sig, slen, sshbuf_ptr(b),
-                    sshbuf_len(b), ssh->compat)) == 0) {
+                    sshbuf_len(b), pkalg, ssh->compat)) == 0) {
                        authenticated = 1;
                }
                sshbuf_free(b);
author	djm@openbsd.org <djm@openbsd.org>	2017-12-18 02:25:15 +0000
committer	Damien Miller <djm@mindrot.org>	2017-12-19 15:21:37 +1100
commit	04c7e28f83062dc42f2380d1bb3a6bf0190852c0 (patch)
tree	bc2c59d39a33aba84e0576039474668ada2546d2 /auth2-pubkey.c
parent	931c78dfd7fe30669681a59e536bbe66535f3ee9 (diff)

diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 169839b01..0707b8ab3 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: auth2-pubkey.c,v 1.71 2017/09/07 23:48:09 djm Exp $ */	1	/* $OpenBSD: auth2-pubkey.c,v 1.72 2017/12/18 02:25:15 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000 Markus Friedl. All rights reserved.
4	*	4	*
@@ -198,7 +198,7 @@ userauth_pubkey(struct ssh *ssh)
198	authenticated = 0;	198	authenticated = 0;
199	if (PRIVSEP(user_key_allowed(authctxt->pw, key, 1)) &&	199	if (PRIVSEP(user_key_allowed(authctxt->pw, key, 1)) &&
200	PRIVSEP(sshkey_verify(key, sig, slen, sshbuf_ptr(b),	200	PRIVSEP(sshkey_verify(key, sig, slen, sshbuf_ptr(b),
201	sshbuf_len(b), ssh->compat)) == 0) {	201	sshbuf_len(b), pkalg, ssh->compat)) == 0) {
202	authenticated = 1;	202	authenticated = 1;
203	}	203	}
204	sshbuf_free(b);	204	sshbuf_free(b);