From: djm@openbsd.org <djm@openbsd.org>
Date: Sat, 7 Feb 2026 02:02:00 +0000 (+0000)
Subject: upstream: bit of webauthn support missed in previous commit
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=15fe1ceb29760d72398c6ac7df5a403416cba207;p=thirdparty%2Fopenssh-portable.git

upstream: bit of webauthn support missed in previous commit

OpenBSD-Commit-ID: 9768454543ded01b7c61567fc5b3e78664346be2
---

diff --git a/authfd.c b/authfd.c
index 2bbe646e3..9b103b524 100644
--- a/authfd.c
+++ b/authfd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.c,v 1.136 2025/08/29 03:50:38 djm Exp $ */
+/* $OpenBSD: authfd.c,v 1.137 2026/02/07 02:02:00 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -437,8 +437,15 @@ ssh_agent_sign(int sock, const struct sshkey *key,
 	}
 	if ((r = sshbuf_get_string(msg, &sig, &len)) != 0)
 		goto out;
-	/* Check what we actually got back from the agent. */
-	if ((r = sshkey_check_sigtype(sig, len, alg)) != 0)
+	/*
+	 * Check what we actually got back from the agent, in case it returned
+	 * an incorrect RSA signature algorithm (e.g. "ssh-rsa" (RSA/SHA1) vs.
+	 * "rsa-sha2-256").
+	 * We don't do this for FIDO signatures as webauthn vs plain are just
+	 * different signature formats and not entirely different algorithms.
+	 */
+	if (!sshkey_is_sk(key) &&
+	    (r = sshkey_check_sigtype(sig, len, alg)) != 0)
 		goto out;
 	/* success */
 	*sigp = sig;