From cfe6fd95a77202a77ba552437ab0ead5ebd11316 Mon Sep 17 00:00:00 2001
From: Simon Tatham
Date: Thu, 4 May 2023 17:59:37 +0100
Subject: [PATCH] userauth: fix replacement of embedded with detached RSA cert.

If you specify a detached certificate, it's supposed to completely replace any certificate that might have been embedded in the input PPK file. But one thing wasn't working: if the key was RSA, and the server was using new SHA-2 based RSA, and the user provided both an embedded _and_ detached certificate, then the initial call to ssh2_userauth_signflags would upgrade the ssh-rsa-cert-... key type to rsa-sha2-NNN-cert-..., which ssh2_userauth_add_alg_and_publickey's call to ssh_keyalg_related_alg would not recognise as any of the base RSA types while trying to decide on the key algorithm string _after_ replacing the certificate. Fixed by reverting to the the uncertified base algorithm before calling ssh_keyalg_related_alg.
---
 ssh/userauth2-client.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/ssh/userauth2-client.c b/ssh/userauth2-client.c
index 750aed53..e68f6bde 100644
--- a/ssh/userauth2-client.c
+++ b/ssh/userauth2-client.c
@@ -2373,7 +2373,18 @@ static void ssh2_userauth_add_alg_and_publickey(
 ppl_logevent("Sending public key with certificate from \"%s\"",
 filename_to_str(s->detached_cert_file));
 }
- put_stringz(pkt, ssh_keyalg_related_alg(certalg, pkalg)->ssh_id);
+ {
+ /* Strip off any existing certificate-nature from pkalg,
+ * for the case where we're replacing a cert embedded in
+ * the key with the detached one. The second argument of
+ * ssh_keyalg_related_alg is expected to be one of the
+ * bare key algorithms, or nothing useful will happen. */
+ const ssh_keyalg *pkalg_base =
+ pkalg->base_alg ? pkalg->base_alg : pkalg;
+ const ssh_keyalg *output_alg =
+ ssh_keyalg_related_alg(certalg, pkalg_base);
+ put_stringz(pkt, output_alg->ssh_id);
+ }
 put_stringpl(pkt, ptrlen_from_strbuf(s->detached_cert_blob));
 done = true;
 goto out;
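Review bot: The bare-algorithm precondition on the second argument of ssh_keyalg_related_alg is now met only at this one call site in ssh2_userauth_add_alg_and_publickey, so any other caller that passes a certified algorithm would presumably still get the same silent wrong result; other callers are not visible in this hunk. Because `put_stringz(pkt, output_alg->ssh_id)` writes the algorithm name the server will see alongside the detached certificate blob, a mismatch here should fail loudly in debug builds rather than go out on the wire. I would add `assert(!pkalg_base->base_alg);` after the `pkalg_base` initialiser (assuming bare algorithms carry a null base_alg, as the ternary implies), and replace "nothing useful will happen" in the comment with what ssh_keyalg_related_alg actually returns when it finds no match. The function body starts and ends outside the hunk.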