upstream commit
pass negotiated signing algorithm though to
sshkey_verify() and check that the negotiated algorithm matches the type in
the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@
OpenBSD-Commit-ID: 735fb15bf4adc060d3bee9d047a4bcaaa81b1af9
diff --git a/sshkey.h b/sshkey.h
index b5346a9..7efa16f 100644
--- a/sshkey.h
+++ b/sshkey.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.h,v 1.22 2017/12/18 02:22:29 djm Exp $ */
+/* $OpenBSD: sshkey.h,v 1.23 2017/12/18 02:25:15 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -178,7 +178,7 @@
int sshkey_sign(const struct sshkey *, u_char **, size_t *,
const u_char *, size_t, const char *, u_int);
int sshkey_verify(const struct sshkey *, const u_char *, size_t,
- const u_char *, size_t, u_int);
+ const u_char *, size_t, const char *, u_int);
/* for debug */
void sshkey_dump_ec_point(const EC_GROUP *, const EC_POINT *);
@@ -205,7 +205,8 @@
u_char **sigp, size_t *lenp, const u_char *data, size_t datalen,
const char *ident);
int ssh_rsa_verify(const struct sshkey *key,
- const u_char *sig, size_t siglen, const u_char *data, size_t datalen);
+ const u_char *sig, size_t siglen, const u_char *data, size_t datalen,
+ const char *alg);
int ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
const u_char *data, size_t datalen, u_int compat);
int ssh_dss_verify(const struct sshkey *key,