Add rsa-sha2 certificates

Yegor Ievlev koops1997 at gmail.com
Thu May 24 11:52:42 AEST 2018


This PR adds the capability to create and use rsa-sha2 certificates.

diff --git a/ssh-rsa.c b/ssh-rsa.c
index 49e71c8..69de09c 100644
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -57,9 +57,11 @@ rsa_hash_alg_from_ident(const char *ident)
  if (strcmp(ident, "ssh-rsa") == 0 ||
      strcmp(ident, "ssh-rsa-cert-v01 at openssh.com") == 0)
  return SSH_DIGEST_SHA1;
- if (strcmp(ident, "rsa-sha2-256") == 0)
+ if (strcmp(ident, "rsa-sha2-256") == 0 ||
+     strcmp(ident, "rsa-sha2-256-cert-v01 at openssh.com") == 0)
  return SSH_DIGEST_SHA256;
- if (strcmp(ident, "rsa-sha2-512") == 0)
+ if (strcmp(ident, "rsa-sha2-512") == 0 ||
+     strcmp(ident, "rsa-sha2-512-cert-v01 at openssh.com") == 0)
  return SSH_DIGEST_SHA512;
  return -1;
 }
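Review bot: Adding the `-cert-v01` names to rsa_hash_alg_from_ident widens every caller of it, and if the verify path uses this function to parse the algorithm name carried inside a signature blob (the callers are outside the hunk, so this needs confirming), a blob labelled with a certificate type name would now be accepted where only `rsa-sha2-256` or `rsa-sha2-512` is valid. It would be tighter to leave this function as it was before the commit and resolve key and certificate type names in a separate helper, called only where a key type name is passed, as sketched below. The function starts above the hunk. The identifier strings appear on this page as ` at openssh.com`, which looks like list-archive address obfuscation of `@openssh.com`, so the patch should be taken from the original PR rather than from this page.

```c
/* Key and certificate type names -> hash; not for names read from a signature blob. */
static int
rsa_hash_alg_from_keyname(const char *alg)
{
	if (strcmp(alg, "rsa-sha2-256-cert-v01@openssh.com") == 0)
		return SSH_DIGEST_SHA256;
	if (strcmp(alg, "rsa-sha2-512-cert-v01@openssh.com") == 0)
		return SSH_DIGEST_SHA512;
	/* plain names and ssh-rsa-cert-v01 keep their existing mapping */
	return rsa_hash_alg_from_ident(alg);
}
```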
diff --git a/sshkey.c b/sshkey.c
index 7712fba..2d43887 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -110,6 +110,8 @@ static const struct keytype keytypes[] = {
 #  endif /* OPENSSL_HAS_NISTP521 */
 # endif /* OPENSSL_HAS_ECC */
  { "ssh-rsa-cert-v01 at openssh.com", "RSA-CERT", KEY_RSA_CERT, 0, 1, 0 },
+ { "rsa-sha2-256-cert-v01 at openssh.com", "RSA-CERT", KEY_RSA_CERT, 0, 1, 1 },
+ { "rsa-sha2-512-cert-v01 at openssh.com", "RSA-CERT", KEY_RSA_CERT, 0, 1, 1 },
  { "ssh-dss-cert-v01 at openssh.com", "DSA-CERT", KEY_DSA_CERT, 0, 1, 0 },
 # ifdef OPENSSL_HAS_ECC
  { "ecdsa-sha2-nistp256-cert-v01 at openssh.com", "ECDSA-CERT",
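Review bot: The two added rows end in `1` while the neighbouring certificate rows end in `0`, and nothing here says what that last field means or why the new names differ; struct keytype is defined outside the hunk, and the table starts and ends outside it too. A comment above the rows would help, e.g. `/* RSA/SHA-2 certificate names: same key type as ssh-rsa-cert-v01, kept after it so lookups by type still return the legacy name */`. That ordering remark assumes lookups by type walk the table in order and stop at the first match, which should be confirmed. It matters because three rows now share KEY_RSA_CERT, and a name taken from the wrong row would change which algorithm is advertised for an RSA certificate.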

Please set email of commit to koops1997+github at gmail.com and name to
Yegor Ievlev, so commit will be attributed to me on GitHub.

