upstream: when using RSA keys to sign messages, select the

author djm@openbsd.org <djm@openbsd.org>

Tue, 26 Nov 2024 21:23:35 +0000 (21:23 +0000)

committer Damien Miller <djm@mindrot.org>

Tue, 26 Nov 2024 21:24:50 +0000 (08:24 +1100)
author djm@openbsd.org <djm@openbsd.org>
Tue, 26 Nov 2024 21:23:35 +0000 (21:23 +0000)
committer Damien Miller <djm@mindrot.org>
Tue, 26 Nov 2024 21:24:50 +0000 (08:24 +1100)
diff --git a/sshsig.c b/sshsig.c

index 470b286a3a982875a48a5262b7057c4710b17fed..289f3e72897e22fb743370ffa7e6f73bd72c0741 100644 (file)
--- a/sshsig.c
+++ b/sshsig.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshsig.c,v 1.35 2024/03/08 22:16:32 djm Exp $ */
+/* $OpenBSD: sshsig.c,v 1.36 2024/11/26 21:23:35 djm Exp $ */
  /*
   * Copyright (c) 2019 Google LLC
   *
@@ -190,8 +190,13 @@ sshsig_wrap_sign(struct sshkey *key, const char *hashalg,
         }
  
         /* If using RSA keys then default to a good signature algorithm */
-       if (sshkey_type_plain(key->type) == KEY_RSA)
+       if (sshkey_type_plain(key->type) == KEY_RSA) {
                 sign_alg = RSA_SIGN_ALG;
+               if (strcmp(hashalg, "sha256") == 0)
+                       sign_alg = "rsa-sha2-256";
+               else if (strcmp(hashalg, "sha512") == 0)
+                       sign_alg = "rsa-sha2-512";
+       }
  
         if (signer != NULL) {
                 if ((r = signer(key, &sig, &slen,
author	djm@openbsd.org <djm@openbsd.org>
	Tue, 26 Nov 2024 21:23:35 +0000 (21:23 +0000)
committer	Damien Miller <djm@mindrot.org>
	Tue, 26 Nov 2024 21:24:50 +0000 (08:24 +1100)