Pass flags from agent sign request to ssh_key_sign.

Now each public-key algorithm gets to indicate what flags it supports, and the ones it specifies support for may turn up in a call to its sign() method. We still don't actually support any flags yet, though.
2025-06-30 19:12:48 -05:00 · 2018-11-19 20:24:37 +00:00
parent 74f792e00b
commit 7d4a276fc1
7 changed files with 22 additions and 11 deletions
--- a/pageant.c
+++ b/pageant.c
@ -323,7 +323,7 @@ void pageant_handle_msg(BinarySink *bs,
 	    struct ssh2_userkey *key;
            ptrlen keyblob, sigdata;
            strbuf *signature;
-            uint32_t flags;
+            uint32_t flags, supported_flags;

            plog(logctx, logfn, "request: SSH2_AGENTC_SIGN_REQUEST");

@ -366,20 +366,22 @@ void pageant_handle_msg(BinarySink *bs,
            else
                plog(logctx, logfn, "no signature flags");

-            if (flags) {
+            supported_flags = ssh_key_alg(key->key)->supported_flags;
+            if (flags & ~supported_flags) {
                /*
                 * We MUST reject any message containing flags we
                 * don't understand.
                 */
                char *msg = dupprintf(
-                    "unsupported flag bits 0x%08"PRIx32, flags);
+                    "unsupported flag bits 0x%08"PRIx32,
+                    flags & ~supported_flags);
                pageant_failure_msg(bs, msg, logctx, logfn);
                sfree(msg);
                return;
            }

            signature = strbuf_new();
-            ssh_key_sign(key->key, sigdata.ptr, sigdata.len,
+            ssh_key_sign(key->key, sigdata.ptr, sigdata.len, flags,
                         BinarySink_UPCAST(signature));

            put_byte(bs, SSH2_AGENT_SIGN_RESPONSE);