From 5758f88d2c65bcf62f0c24070a2bd73d0152af88 Mon Sep 17 00:00:00 2001
From: renmingshuai
Date: Thu, 16 Feb 2023 09:56:15 +0800
Subject: [PATCH] Support rsa-sha2 agent flags
---
 backport-Support-rsa-sha2-agent-flags.patch | 63 +++++++++++++++++++++
 libssh2.spec | 11 +++-
 2 files changed, 72 insertions(+), 2 deletions(-)
 create mode 100644 backport-Support-rsa-sha2-agent-flags.patch
diff --git a/backport-Support-rsa-sha2-agent-flags.patch b/backport-Support-rsa-sha2-agent-flags.patch
new file mode 100644
index 0000000..2837cff
--- /dev/null
+++ b/backport-Support-rsa-sha2-agent-flags.patch
@@ -0,0 +1,63 @@
+From 50a1262772fd9cdbdd8f747958e42ef480aecb2b Mon Sep 17 00:00:00 2001
+From: Ian Hattendorf
+Date: Thu, 13 Jan 2022 16:05:53 -0700
+Subject: [PATCH] Support rsa-sha2 agent flags (#661)
+
+File: agent.c
+Notes: implements rsa-sha2 flags used to tell the agent which signing algo to use.
+ https://tools.ietf.org/id/draft-miller-ssh-agent-01.html#rfc.section.4.5.1
+
+Credit:
+Ian Hattendorf
+Conflict:NA
+Reference:https://github.com/libssh2/commit/50a1262772fd9cdbdd8f747958e42ef480aecb2b
+---
+ src/agent.c | 18 +++++++++++++++++-
+ 1 file changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/src/agent.c b/src/agent.c
+index a526c77..bce7175 100644
+--- a/src/agent.c
++++ b/src/agent.c
+@@ -94,6 +94,10 @@
+ #define SSH_AGENT_CONSTRAIN_LIFETIME 1
+ #define SSH_AGENT_CONSTRAIN_CONFIRM 2
+
++/* Signature request methods */
++#define SSH_AGENT_RSA_SHA2_256 2
++#define SSH_AGENT_RSA_SHA2_512 4
++
+ #ifdef PF_UNIX
+ static int
+ agent_connect_unix(LIBSSH2_AGENT *agent)
+@@ -375,6 +379,7 @@ agent_sign(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len,
+ ssize_t method_len;
+ unsigned char *s;
+ int rc;
++ uint32_t sign_flags = 0;
+
+ /* Create a request to sign the data */
+ if(transctx->state == agent_NB_state_init) {
+@@ -391,7 +396,18 @@ agent_sign(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len,
+ _libssh2_store_str(&s, (const char *)data, data_len);
+
+ /* flags */
+- _libssh2_store_u32(&s, 0);
++ if(session->userauth_pblc_method_len > 0 &&
++ session->userauth_pblc_method) {
++ if(session->userauth_pblc_method_len == 12 &&
++ !memcmp(session->userauth_pblc_method, "rsa-sha2-512", 12)) {
++ sign_flags = SSH_AGENT_RSA_SHA2_512;
++ }
++ else if(session->userauth_pblc_method_len == 12 &&
++ !memcmp(session->userauth_pblc_method, "rsa-sha2-256", 12)) {
++ sign_flags = SSH_AGENT_RSA_SHA2_256;
++ }
++ }
++ _libssh2_store_u32(&s, sign_flags);
+
+ transctx->request_len = s - transctx->request;
+ transctx->send_recv_total = 0;
+-- 
+2.23.0
+
diff --git a/libssh2.spec b/libssh2.spec
index 348690e..a7092c7 100644
--- a/libssh2.spec
+++ b/libssh2.spec
@@ -1,6 +1,6 @@
 Name: libssh2
 Version: 1.10.0
-Release: 4
+Release: 5
 Summary: A library implementing the SSH2 protocol
 License: BSD
 URL: https://www.libssh2.org/
@@ -8,7 +8,8 @@ Source0: https://libssh2.org/download/libssh2-%{version}.tar.gz
 Patch0: backport-RSA-SHA2-256-512-key-upgrade-support-RFC-8332.patch
 Patch1: backport-misc-libssh2_copy_string-avoid-malloc-zero-bytes.patch
-Patch2: sftp-Prevent-files-from-being-skipped-if-the-output.patch
+Patch2: sftp-Prevent-files-from-being-skipped-if-the-output.patch
+Patch3: backport-Support-rsa-sha2-agent-flags.patch
 BuildRequires: coreutils findutils /usr/bin/man zlib-devel
 BuildRequires: gcc make sed openssl-devel > 1:1.0.1 openssh-server
@@ -88,6 +89,12 @@ LC_ALL=en_US.UTF-8 make -C tests check
 %{_mandir}/man3/libssh2_*.3*
 %changelog
+* Thu Feb 16 2023 renmingshuai - 1.10.0-5
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:Support rsa-sha2 agent flags
+
 * Mon Oct 17 2022 zhangjun - 1.10.0-4
 - Type:bugfix
 - ID:NA
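Review bot: In the third src/agent.c hunk of backport-Support-rsa-sha2-agent-flags.patch, the new flags block in agent_sign only requests an rsa-sha2 signature; nothing visible confirms that the agent honoured the request, and an agent that ignores the flags would presumably return a SHA-1 `ssh-rsa` signature. The reply parsing is outside the hunk (agent_sign starts and ends beyond it), so please confirm that the method name in the agent's reply is compared with `session->userauth_pblc_method` and that a mismatch fails the call instead of passing the signature on. A comment above the block would record this, e.g. `/* flags: ask for SHA-2 on rsa-sha2-*; the agent may ignore them, so the returned signature type must be checked */`. As a style point, the repeated literal `12` could be written `sizeof("rsa-sha2-512") - 1` so the length cannot drift from the string. The `Reference:` URL in the backport header also appears to lack the repository segment, which makes it harder to verify the backport against upstream.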