RepoMirrors/openssh
1
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2025-01-18 07:30:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

upstream: add a helper function to match a key type to a list of

Browse Source 
signature algorithms. RSA keys can make signatures with multiple algorithms,
so some special handling is required. ok markus@

OpenBSD-Commit-ID: 03b41b2bda06fa4cd9c84cef6095033b9e49b6ff
This commit is contained in:
djm@openbsd.org 2022-01-06 22:05:42 +00:00 committed by Damien Miller
parent 11e8c4309a
commit fdb1d58d0d
2 changed files with 29 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
sshkey.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshkey.c,v 1.119 2021/07/23 03:37:52 djm Exp $ */
/* $OpenBSD: sshkey.c,v 1.120 2022/01/06 22:05:42 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@ -255,6 +255,29 @@ sshkey_ecdsa_nid_from_name(const char *name)
return -1;
}
int
sshkey_match_keyname_to_sigalgs(const char *keyname, const char *sigalgs)
{
int ktype;
if (sigalgs == NULL || *sigalgs == '\0' ||
(ktype = sshkey_type_from_name(keyname)) == KEY_UNSPEC)
return 0;
else if (ktype == KEY_RSA) {
return match_pattern_list("ssh-rsa", sigalgs, 0) == 1 ||
match_pattern_list("rsa-sha2-256", sigalgs, 0) == 1 ||
match_pattern_list("rsa-sha2-512", sigalgs, 0) == 1;
} else if (ktype == KEY_RSA_CERT) {
return match_pattern_list("ssh-rsa-cert-v01@openssh.com",
sigalgs, 0) == 1 ||
match_pattern_list("rsa-sha2-256-cert-v01@openssh.com",
sigalgs, 0) == 1 ||
match_pattern_list("rsa-sha2-512-cert-v01@openssh.com",
sigalgs, 0) == 1;
} else
return match_pattern_list(keyname, sigalgs, 0) == 1;
}
char *
sshkey_alg_list(int certs_only, int plain_only, int include_sigonly, char sep)
{

6
sshkey.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshkey.h,v 1.50 2021/07/23 03:37:52 djm Exp $ */
/* $OpenBSD: sshkey.h,v 1.51 2022/01/06 22:05:42 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@ -192,6 +192,10 @@ int sshkey_is_cert(const struct sshkey *);
int sshkey_is_sk(const struct sshkey *);
int sshkey_type_is_cert(int);
int sshkey_type_plain(int);
/* Returns non-zero if key name match sigalgs pattern list. (handles RSA) */
int sshkey_match_keyname_to_sigalgs(const char *, const char *);
int sshkey_to_certified(struct sshkey *);
int sshkey_drop_cert(struct sshkey *);
int sshkey_cert_copy(const struct sshkey *, struct sshkey *);