upstream: process agent requests for RSA certificate private keys using
correct signature algorithm when requested. Patch from Jakub Jelen in bz3016
ok dtucker markus
OpenBSD-Commit-ID: 61f86efbeb4a1857a3e91298c1ccc6cf49b79624
diff --git a/ssh-agent.c b/ssh-agent.c
index 034f313..4669b67 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.234 2019/06/06 05:13:13 otto Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.235 2019/06/14 03:51:47 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -269,6 +269,11 @@
return "rsa-sha2-256";
else if (flags & SSH_AGENT_RSA_SHA2_512)
return "rsa-sha2-512";
+ } else if (key->type == KEY_RSA_CERT) {
+ if (flags & SSH_AGENT_RSA_SHA2_256)
+ return "rsa-sha2-256-cert-v01@openssh.com";
+ else if (flags & SSH_AGENT_RSA_SHA2_512)
+ return "rsa-sha2-512-cert-v01@openssh.com";
}
return NULL;
}