diff options
author | Erlang/OTP <[email protected]> | 2017-12-14 13:20:54 +0100 |
---|---|---|
committer | Erlang/OTP <[email protected]> | 2017-12-14 13:20:54 +0100 |
commit | d49cac2f423364c6f308fc7a63a83830c55f241a (patch) | |
tree | 8d6076cd86379165f56c8aadebae8d920c63ef1d /lib/ssh/src/ssh_auth.erl | |
parent | 44b09e036b31b29dddc3b178e8f6b9fc96a9a874 (diff) | |
parent | 8aeec7d6748dab5924713b58e3011dc62d331fa5 (diff) | |
download | otp-d49cac2f423364c6f308fc7a63a83830c55f241a.tar.gz otp-d49cac2f423364c6f308fc7a63a83830c55f241a.tar.bz2 otp-d49cac2f423364c6f308fc7a63a83830c55f241a.zip |
Merge branch 'hans/ssh/openssh_client_pubkey_sha2/ERL-531/OTP-14827' into maint-20
* hans/ssh/openssh_client_pubkey_sha2/ERL-531/OTP-14827:
ssh: Special treatment of OpenSSH clients >= 7.2 rsa-sha2-* public keys
Diffstat (limited to 'lib/ssh/src/ssh_auth.erl')
-rw-r--r-- | lib/ssh/src/ssh_auth.erl | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl index 894877f8bf..03d264745b 100644 --- a/lib/ssh/src/ssh_auth.erl +++ b/lib/ssh/src/ssh_auth.erl @@ -304,11 +304,10 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User, SigWLen/binary>> }, SessionId, - #ssh{opts = Opts, - userauth_supported_methods = Methods} = Ssh) -> + #ssh{userauth_supported_methods = Methods} = Ssh) -> case verify_sig(SessionId, User, "ssh-connection", - BAlg, KeyBlob, SigWLen, Opts) of + BAlg, KeyBlob, SigWLen, Ssh) of true -> {authorized, User, ssh_transport:ssh_packet( @@ -518,7 +517,7 @@ pre_verify_sig(User, KeyBlob, Opts) -> false end. -verify_sig(SessionId, User, Service, AlgBin, KeyBlob, SigWLen, Opts) -> +verify_sig(SessionId, User, Service, AlgBin, KeyBlob, SigWLen, #ssh{opts = Opts} = Ssh) -> try Alg = binary_to_list(AlgBin), {KeyCb,KeyCbOpts} = ?GET_OPT(key_cb, Opts), @@ -529,7 +528,7 @@ verify_sig(SessionId, User, Service, AlgBin, KeyBlob, SigWLen, Opts) -> <<?UINT32(AlgSigLen), AlgSig:AlgSigLen/binary>> = SigWLen, <<?UINT32(AlgLen), _Alg:AlgLen/binary, ?UINT32(SigLen), Sig:SigLen/binary>> = AlgSig, - ssh_transport:verify(PlainText, ssh_transport:sha(Alg), Sig, Key) + ssh_transport:verify(PlainText, ssh_transport:sha(Alg), Sig, Key, Ssh) catch _:_ -> false |