[git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.5-46-g80b775b
    by NIIBE Yutaka 
    cvs at cvs.gnupg.org
       
    Fri Apr  6 08:07:51 CEST 2018
    
    
  
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-2 has been updated
       via  80b775bdbb852aa4a80292c9357e5b1876110c00 (commit)
      from  d27417d3a571739329a86d9f25212f2da0c8ff72 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 80b775bdbb852aa4a80292c9357e5b1876110c00
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Fri Apr 6 14:58:14 2018 +0900
    agent: Support SSH signature flags.
    
    * agent/command-ssh.c (SSH_AGENT_RSA_SHA2_256): New.
    (SSH_AGENT_RSA_SHA2_512): New.
    (ssh_handler_sign_request): Override SPEC when FLAGS
    is specified.
    
    --
    
    GnuPG-bug-id: 3880
    Reported-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index 517231a..d1158e7 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -83,6 +83,8 @@
 /* Other constants.  */
 #define SSH_DSA_SIGNATURE_PADDING 20
 #define SSH_DSA_SIGNATURE_ELEMS    2
+#define SSH_AGENT_RSA_SHA2_256            0x02
+#define SSH_AGENT_RSA_SHA2_512            0x04
 #define SPEC_FLAG_USE_PKCS1V2 (1 << 0)
 #define SPEC_FLAG_IS_ECDSA    (1 << 1)
 #define SPEC_FLAG_IS_EdDSA    (1 << 2)  /*(lowercase 'd' on purpose.)*/
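Review bot: The two new `SSH_AGENT_RSA_SHA2_*` values are wire-protocol flag bits from the sign request, but they are added without a comment between the DSA signature constants and the internal `SPEC_FLAG_*` bits. Because `SPEC_FLAG_IS_ECDSA` (1 << 1) and `SPEC_FLAG_IS_EdDSA` (1 << 2) have the same numeric values as 0x02 and 0x04, a reader can easily mistake one set for the other. A one-line header such as `/* Flag bits of the sign request's FLAGS field (values fixed by the agent protocol). */` above the two defines, set off by a blank line, would keep the namespaces visibly apart.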
@@ -2880,11 +2882,24 @@ ssh_handler_sign_request (ctrl_t ctrl, estream_t request, estream_t response)
   if (err)
     goto out;
 
-  /* FIXME?  */
   err = stream_read_uint32 (request, &flags);
   if (err)
     goto out;
 
+  if (spec.algo == GCRY_PK_RSA)
+    {
+      if ((flags & SSH_AGENT_RSA_SHA2_256))
+        {
+          spec.ssh_identifier = "rsa-sha2-256";
+          spec.hash_algo = GCRY_MD_SHA256;
+        }
+      else if ((flags & SSH_AGENT_RSA_SHA2_512))
+        {
+          spec.ssh_identifier = "rsa-sha2-512";
+          spec.hash_algo = GCRY_MD_SHA512;
+        }
+    }
+
   hash_algo = spec.hash_algo;
   if (!hash_algo)
     hash_algo = GCRY_MD_SHA1;  /* Use the default.  */
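Review bot: The precedence between the two RSA flag bits and the treatment of every other bit in `flags` are left undocumented now that the `FIXME?` is removed. As written, SHA2-256 wins when both bits are set, and any other bit is silently ignored. An RSA request with neither bit set falls through to the `GCRY_MD_SHA1` default below whenever `spec.hash_algo` is zero. A comment above the `if (spec.algo == GCRY_PK_RSA)` block, for example `/* FLAGS may select an RSA SHA-2 signature; SHA2-256 takes precedence, unknown bits are ignored and leave the key type's default hash in place. */`, would make that fallback explicit for anyone auditing which digest gets signed. ssh_handler_sign_request starts and ends outside the hunk, so whether unrecognised bits are rejected or logged elsewhere cannot be seen from here.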
-----------------------------------------------------------------------
Summary of changes:
 agent/command-ssh.c | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org
    
    