[openssh-commits] [openssh] 02/02: upstream: test -Oprint-pubkey

[git+noreply at mindrot.org]

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 2a2cd00783e1da45ee730b7f453408af1358ef5b
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Wed Aug 11 08:55:04 2021 +0000

    upstream: test -Oprint-pubkey
    
    OpenBSD-Regress-ID: 3d51afb6d1f287975fb6fddd7a2c00a3bc5094e0
---
 regress/sshsig.sh | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/regress/sshsig.sh b/regress/sshsig.sh
index 29601361..fc300a8d 100644
--- a/regress/sshsig.sh
+++ b/regress/sshsig.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: sshsig.sh,v 1.6 2021/07/23 03:54:55 djm Exp $
+#	$OpenBSD: sshsig.sh,v 1.7 2021/08/11 08:55:04 djm Exp $
 #	Placed in the Public Domain.
 
 tid="sshsig"
@@ -64,6 +64,17 @@ for t in $SIGNKEYS; do
 		< $DATA >/dev/null 2>&1 || \
 		fail "failed signature for $t key w/ limited namespace"
 
+	(printf "$sig_principal namespaces=\"$sig_namespace,whatever\" ";
+	 cat $pubkey) > $OBJ/allowed_signers
+	${SSHKEYGEN} -q -Y verify -s $sigfile -n $sig_namespace \
+		-I $sig_principal -f $OBJ/allowed_signers \
+		-O print-pubkey \
+		< $DATA | cut -d' ' -f1-2 > ${OBJ}/${keybase}-fromsig.pub || \
+		fail "failed signature for $t key w/ print-pubkey"
+	cut -d' ' -f1-2 ${OBJ}/${keybase}.pub > ${OBJ}/${keybase}-strip.pub
+	diff -r ${OBJ}/${keybase}-strip.pub ${OBJ}/${keybase}-fromsig.pub || \
+		fail "print-pubkey differs from signature key"
+
 	# Invalid option
 	(printf "$sig_principal octopus " ; cat $pubkey) > $OBJ/allowed_signers
 	${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.