Attachment #3448 for bug #3213

Lines 34-40 Link Here

(-)compat.h.orig (-1 / +1 lines)
34		34
35	#define SSH_BUG_UTF8TTYMODE 0x00000001	35	#define SSH_BUG_UTF8TTYMODE 0x00000001
36	#define SSH_BUG_SIGTYPE 0x00000002	36	#define SSH_BUG_SIGTYPE 0x00000002
37	/* #define unused 0x00000004 */	37	#define SSH_BUG_SIGTYPE74 0x00000004
38	/* #define unused 0x00000008 */	38	/* #define unused 0x00000008 */
39	#define SSH_OLD_SESSIONID 0x00000010	39	#define SSH_OLD_SESSIONID 0x00000010
40	/* #define unused 0x00000020 */	40	/* #define unused 0x00000020 */

Lines 65-75 Link Here

(-)compat.c.orig (-1 / +2 lines)
65	{ "OpenSSH_6.5*,"	65	{ "OpenSSH_6.5*,"
66	"OpenSSH_6.6*", SSH_NEW_OPENSSH\|SSH_BUG_CURVE25519PAD\|	66	"OpenSSH_6.6*", SSH_NEW_OPENSSH\|SSH_BUG_CURVE25519PAD\|
67	SSH_BUG_SIGTYPE},	67	SSH_BUG_SIGTYPE},
		68	{ "OpenSSH_7.4*", SSH_NEW_OPENSSH\|SSH_BUG_SIGTYPE\|
		69	SSH_BUG_SIGTYPE74},
68	{ "OpenSSH_7.0*,"	70	{ "OpenSSH_7.0*,"
69	"OpenSSH_7.1*,"	71	"OpenSSH_7.1*,"
70	"OpenSSH_7.2*,"	72	"OpenSSH_7.2*,"
71	"OpenSSH_7.3*,"	73	"OpenSSH_7.3*,"
72	"OpenSSH_7.4*,"
73	"OpenSSH_7.5*,"	74	"OpenSSH_7.5*,"
74	"OpenSSH_7.6*,"	75	"OpenSSH_7.6*,"
75	"OpenSSH_7.7*", SSH_NEW_OPENSSH\|SSH_BUG_SIGTYPE},	76	"OpenSSH_7.7*", SSH_NEW_OPENSSH\|SSH_BUG_SIGTYPE},




			break;
	}
	free(oallowed);
	/*
	 * OpenSSH 7.4 supports SHA2 sig types, but fails to indicate its
	 * support.  For that release, check the local policy against the
	 * SHA2 signature types.
	 */
	if (alg == NULL &&
	    (key->type == KEY_RSA && (datafellows & SSH_BUG_SIGTYPE74))) {
		oallowed = allowed = xstrdup(options.pubkey_key_types);
		while ((cp = strsep(&allowed, ",")) != NULL) {
			if (sshkey_type_from_name(cp) != key->type)
				continue;
			tmp = match_list(sshkey_sigalg_by_name(cp), "rsa-sha2-256,rsa-sha2-512", NULL);
			if (tmp != NULL)
				alg = xstrdup(cp);
			free(tmp);
			if (alg != NULL)
				break;
		}
		free(oallowed);
	}
	return alg;
}


Return to bug 3213

Lines 1305-1310 Link Here

(-)sshconnect2.c.orig (+20 lines)
1305	break;	1305	break;
1306	}	1306	}
1307	free(oallowed);	1307	free(oallowed);
		1308	/*
		1309	* OpenSSH 7.4 supports SHA2 sig types, but fails to indicate its
		1310	* support. For that release, check the local policy against the
		1311	* SHA2 signature types.
		1312	*/
		1313	if (alg == NULL &&
		1314	(key->type == KEY_RSA && (datafellows & SSH_BUG_SIGTYPE74))) {
		1315	oallowed = allowed = xstrdup(options.pubkey_key_types);
		1316	while ((cp = strsep(&allowed, ",")) != NULL) {
		1317	if (sshkey_type_from_name(cp) != key->type)
		1318	continue;
		1319	tmp = match_list(sshkey_sigalg_by_name(cp), "rsa-sha2-256,rsa-sha2-512", NULL);
		1320	if (tmp != NULL)
		1321	alg = xstrdup(cp);
		1322	free(tmp);
		1323	if (alg != NULL)
		1324	break;
		1325	}
		1326	free(oallowed);
		1327	}
1308	return alg;	1328	return alg;
1309	}	1329	}
1310		1330