[git] GnuPG - branch, T3880, created. gnupg-2.2.6-3-g381c468
by Daniel Kahn Gillmor
cvs at cvs.gnupg.org
Tue Apr 10 00:12:13 CEST 2018
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, T3880 has been created
at 381c46818ffa4605d0ca39818fe317de445eb6de (commit)
- Log -----------------------------------------------------------------
commit 381c46818ffa4605d0ca39818fe317de445eb6de
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Mon Apr 9 18:06:38 2018 -0400
agent: unknown flags on ssh signing requests cause an error.
* agent/command-ssh.c (ssh_handler_sign_request): if a flag is passed
during a signature request that we do not know how to apply, return
GPG_ERR_UNKNOWN_OPTION.
--
https://tools.ietf.org/html/draft-miller-ssh-agent-02#section-4.5 says:
If the agent does not support the requested flags, or is otherwise
unable or unwilling to generate the signature (e.g. because it
doesn't have the specified key, or the user refused confirmation of a
constrained key), it must reply with a SSH_AGENT_FAILURE message.
Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
GnuPG-bug-id: 3880
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index 5317df5..ac67dd0 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -2864,7 +2864,7 @@ ssh_handler_sign_request (ctrl_t ctrl, estream_t request, estream_t response)
unsigned char *sig = NULL;
size_t sig_n;
u32 data_size;
- u32 flags;
+ u32 flags, known_flags = 0;
gpg_error_t err;
gpg_error_t ret_err;
int hash_algo;
@@ -2890,6 +2890,7 @@ ssh_handler_sign_request (ctrl_t ctrl, estream_t request, estream_t response)
if (spec.algo == GCRY_PK_RSA)
{
+ known_flags = SSH_AGENT_RSA_SHA2_256 | SSH_AGENT_RSA_SHA2_512;
if ((flags & SSH_AGENT_RSA_SHA2_256))
{
spec.ssh_identifier = "rsa-sha2-256";
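Review bot: known_flags is assigned only inside the `spec.algo == GCRY_PK_RSA` branch, so for every other key type it stays at its initial 0 and any flag bit at all will be treated as unknown by the later check. That is the intended reading of draft-miller-ssh-agent, which defines SSH_AGENT_RSA_SHA2_256 and SSH_AGENT_RSA_SHA2_512 for RSA keys only, but a one-line comment at the assignment saying "non-RSA keys accept no flags" would make that intent visible without consulting the draft.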
@@ -2902,6 +2903,13 @@ ssh_handler_sign_request (ctrl_t ctrl, estream_t request, estream_t response)
}
}
+ /* some flag is present that we do not know about. */
+ if (flags & ~known_flags)
+ {
+ err = gpg_error (GPG_ERR_UNKNOWN_OPTION);
+ goto out;
+ }
+
hash_algo = spec.hash_algo;
if (!hash_algo)
hash_algo = GCRY_MD_SHA1; /* Use the default. */
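Review bot: the test `flags & ~known_flags` is non-zero exactly when a bit outside the accepted set is present, and placing it before `hash_algo = spec.hash_algo` ensures no hashing or signing happens for a rejected request. Two follow-ups: the `goto out` relies on the `out:` tail of this function (outside the hunk) turning a non-zero err into SSH_AGENT_FAILURE on the wire, which is what the quoted section 4.5 requires, so that mapping is worth confirming; and the comment could name the draft section it implements, e.g. `/* draft-miller-ssh-agent section 4.5: unsupported flags must yield SSH_AGENT_FAILURE. */`, so the rationale is discoverable from the code rather than only from the commit message.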
commit 55435cdd4fe4fbfbcba1098bb715ecd6171ba2d8
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Thu Apr 5 11:49:44 2018 -0400
agent: change documentation reference for ssh-agent protocol.
* agent/command-ssh.c: repoint documentation reference.
--
Damien Miller is now documenting the ssh-agent protocol via the IETF.
Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index d1158e7..5317df5 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -27,8 +27,10 @@
RFC-4253 - Transport Layer Protocol
RFC-5656 - ECC support
- The protocol for the agent is defined in OpenSSH's PROTOCL.agent
- file.
+ The protocol for the agent is defined in:
+
+ https://tools.ietf.org/html/draft-miller-ssh-agent
+
*/
#include <config.h>
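Review bot: the replacement reference omits the draft revision, so the comment will point at whichever version of draft-miller-ssh-agent is current, while the sign-request change in the sibling commit cites section 4.5 of -02 specifically. Tracking the living draft is reasonable, but a short note of the revision the flag handling was written against (e.g. "flag handling follows -02") would help when a later revision renumbers sections or changes flag semantics.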
-----------------------------------------------------------------------
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org