mirror of https://github.com/libssh2/libssh2.git synced 2025-11-20 02:42:09 +03:00

Legacy Agent support for rsa2 key upgrading/downgrading #659 (#662)

Files: libssh2.h, agent.c, userauth.c

Notes:
Part 2 of the fix for #659. This adds rsa key downgrading for agents that don't support sha2 upgrading. It also adds better trace output for debugging/logging around key upgrading.

Credit:
Will Cosgrove (signed off by Michael Buckley)
Will Cosgrove
2022-01-14 11:55:18 -08:00
committed by GitHub
parent 50a1262772
commit de7a74aff2
3 changed files with 62 additions and 9 deletions


@@ -379,6 +379,7 @@ agent_sign(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len,
ssize_t method_len;
unsigned char *s;
int rc;
unsigned char *method_name = NULL;
uint32_t sign_flags = 0;
/* Create a request to sign the data */
@@ -465,8 +466,28 @@ agent_sign(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len,
rc = LIBSSH2_ERROR_AGENT_PROTOCOL;
goto error;
}
/* method name */
method_name = LIBSSH2_ALLOC(session, method_len);
if(!method_name) {
rc = LIBSSH2_ERROR_ALLOC;
goto error;
}
memcpy(method_name, s, method_len);
s += method_len;
/* check to see if we match requested */
if((size_t)method_len != session->userauth_pblc_method_len ||
memcmp(method_name, session->userauth_pblc_method, method_len)) {
_libssh2_debug(session,
LIBSSH2_TRACE_KEX,
"Agent sign method %.*s",
method_len, method_name);
rc = LIBSSH2_ERROR_ALGO_UNSUPPORTED;
goto error;
}
/* Read the signature */
len -= 4;
if(len < 0) {
@@ -489,12 +510,18 @@ agent_sign(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len,
memcpy(*sig, s, *sig_len);
error:
if(method_name)
LIBSSH2_FREE(session, method_name);
LIBSSH2_FREE(session, transctx->request);
transctx->request = NULL;
LIBSSH2_FREE(session, transctx->response);
transctx->response = NULL;
transctx->state = agent_NB_state_init;
return _libssh2_error(session, rc, "agent sign failure");
}
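Review bot: The trace call added in the second hunk passes `method_len`, declared `ssize_t` at the top of agent_sign, as the precision for `%.*s`, which must be an `int`, and passes an `unsigned char *` where `%s` expects `char *`; where `ssize_t` is wider than `int` this is undefined behaviour in a varargs call, and that precision is the only thing bounding the read of the non-terminated `method_name` buffer. Cast both arguments: `(int)method_len, (const char *)method_name);`. The copy itself looks avoidable, since the length test and `memcmp` could run against `s` directly before it is advanced, which would drop an allocation sized by an agent-supplied length along with the extra free at `error:`. agent_sign begins outside these hunks and the bounds check on `method_len` is only partly visible here, so confirm that a negative or oversized value is rejected before the `memcpy`.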