upstream commit
pass negotiated signing algorithm though to
sshkey_verify() and check that the negotiated algorithm matches the type in
the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@
OpenBSD-Commit-ID: 735fb15bf4adc060d3bee9d047a4bcaaa81b1af9
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 02f9b3f..d2736ee 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.308 2017/11/03 05:14:04 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.309 2017/12/18 02:25:15 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -539,7 +539,7 @@
/* try the key */
if (sshkey_sign(key, &sig, &slen, data, sizeof(data), NULL, 0) != 0 ||
- sshkey_verify(key, sig, slen, data, sizeof(data), 0) != 0) {
+ sshkey_verify(key, sig, slen, data, sizeof(data), NULL, 0) != 0) {
sshkey_free(key);
free(sig);
return NULL;