[git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.6-4-g9f69dbe
by Werner Koch
cvs at cvs.gnupg.org
Tue Apr 10 08:07:00 CEST 2018
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-2 has been updated
via 9f69dbeb902ac447adbc92937cd451c4e909f234 (commit)
via 381c46818ffa4605d0ca39818fe317de445eb6de (commit)
via 55435cdd4fe4fbfbcba1098bb715ecd6171ba2d8 (commit)
from 30081d2851e06944a892a66b8f2d983a495a5686 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 9f69dbeb902ac447adbc92937cd451c4e909f234
Author: Werner Koch <wk at gnupg.org>
Date: Tue Apr 10 07:59:52 2018 +0200
agent: Improve the unknown ssh flag detection.
* agent/command-ssh.c (ssh_handler_sign_request): Simplify detection
of flags.
--
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index ac67dd0..20dc3fe 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -2864,7 +2864,6 @@ ssh_handler_sign_request (ctrl_t ctrl, estream_t request, estream_t response)
unsigned char *sig = NULL;
size_t sig_n;
u32 data_size;
- u32 flags, known_flags = 0;
gpg_error_t err;
gpg_error_t ret_err;
int hash_algo;
@@ -2884,31 +2883,39 @@ ssh_handler_sign_request (ctrl_t ctrl, estream_t request, estream_t response)
if (err)
goto out;
- err = stream_read_uint32 (request, &flags);
- if (err)
- goto out;
-
- if (spec.algo == GCRY_PK_RSA)
- {
- known_flags = SSH_AGENT_RSA_SHA2_256 | SSH_AGENT_RSA_SHA2_512;
- if ((flags & SSH_AGENT_RSA_SHA2_256))
- {
- spec.ssh_identifier = "rsa-sha2-256";
- spec.hash_algo = GCRY_MD_SHA256;
- }
- else if ((flags & SSH_AGENT_RSA_SHA2_512))
- {
- spec.ssh_identifier = "rsa-sha2-512";
- spec.hash_algo = GCRY_MD_SHA512;
- }
- }
+ /* Flag processing. */
+ {
+ u32 flags;
- /* some flag is present that we do not know about. */
- if (flags & ~known_flags)
- {
- err = gpg_error (GPG_ERR_UNKNOWN_OPTION);
+ err = stream_read_uint32 (request, &flags);
+ if (err)
goto out;
- }
+
+ if (spec.algo == GCRY_PK_RSA)
+ {
+ if ((flags & SSH_AGENT_RSA_SHA2_512))
+ {
+ flags &= ~SSH_AGENT_RSA_SHA2_512;
+ spec.ssh_identifier = "rsa-sha2-512";
+ spec.hash_algo = GCRY_MD_SHA512;
+ }
+ if ((flags & SSH_AGENT_RSA_SHA2_256))
+ {
+ /* Note: We prefer SHA256 over SHA512. */
+ flags &= ~SSH_AGENT_RSA_SHA2_256;
+ spec.ssh_identifier = "rsa-sha2-256";
+ spec.hash_algo = GCRY_MD_SHA256;
+ }
+ }
+
+ /* Some flag is present that we do not know about. Note that
+ * processed or known flags have been cleared at this point. */
+ if (flags)
+ {
+ err = gpg_error (GPG_ERR_UNKNOWN_OPTION);
+ goto out;
+ }
+ }
hash_algo = spec.hash_algo;
if (!hash_algo)
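Review bot: In the RSA branch the SHA-256 preference now depends on the order of two independent `if` statements: when a request sets both SSH_AGENT_RSA_SHA2_512 and SSH_AGENT_RSA_SHA2_256, the second block overwrites what the first stored in `spec`, and the only hint is a comment inside that second block. I would say so above the first test, e.g. `/* Both bits may be set; the SHA2_256 test comes last so that SHA256 wins. */`, so that a later reordering cannot change the signature hash unnoticed. The fail-closed check on the leftover bits is good, but within this hunk the rejection leaves no trace. If the file's logging helpers are in scope here, a line such as `log_info ("ssh sign request with unknown flags 0x%08lx\n", (unsigned long)flags);` before setting `err` would let an operator see which bits a client sent. The body of ssh_handler_sign_request starts and ends outside the hunk.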
-----------------------------------------------------------------------
Summary of changes:
agent/command-ssh.c | 55 +++++++++++++++++++++++++++++++++++------------------
1 file changed, 36 insertions(+), 19 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org