|
Lines 1164-1169
input_userauth_passwd_changereq(int type, u_int32_t seqnr, struct ssh *ssh)
|
| 1164 |
return r; |
1164 |
return r; |
| 1165 |
} |
1165 |
} |
| 1166 |
|
1166 |
|
|
|
1167 |
/* |
| 1168 |
* OpenSSH 7.4 supports SHA2 sig types, but fails to indicate its |
| 1169 |
* support. For that release, check the local policy against the |
| 1170 |
* SHA2 signature types. |
| 1171 |
*/ |
| 1172 |
static char * |
| 1173 |
key_sig_algorithm_compat(struct ssh *ssh, const struct sshkey *key) |
| 1174 |
{ |
| 1175 |
char *allowed, *oallowed, *cp, *tmp, *alg = NULL; |
| 1176 |
if ((key->type == KEY_RSA && (ssh->compat & SSH_BUG_SIGTYPE74))) { |
| 1177 |
oallowed = allowed = xstrdup(options.pubkey_accepted_algos); |
| 1178 |
while ((cp = strsep(&allowed, ",")) != NULL) { |
| 1179 |
if (sshkey_type_from_name(cp) != key->type) |
| 1180 |
continue; |
| 1181 |
tmp = match_list(sshkey_sigalg_by_name(cp), |
| 1182 |
"rsa-sha2-256,rsa-sha2-512", NULL); |
| 1183 |
if (tmp != NULL) |
| 1184 |
alg = xstrdup(cp); |
| 1185 |
free(tmp); |
| 1186 |
if (alg != NULL) |
| 1187 |
break; |
| 1188 |
} |
| 1189 |
free(oallowed); |
| 1190 |
} |
| 1191 |
return alg; |
| 1192 |
} |
| 1193 |
|
| 1167 |
/* |
1194 |
/* |
| 1168 |
* Select an algorithm for publickey signatures. |
1195 |
* Select an algorithm for publickey signatures. |
| 1169 |
* Returns algorithm (caller must free) or NULL if no mutual algorithm found. |
1196 |
* Returns algorithm (caller must free) or NULL if no mutual algorithm found. |
|
Lines 1208-1213
key_sig_algorithm(struct ssh *ssh, const struct sshkey *key)
|
| 1208 |
break; |
1235 |
break; |
| 1209 |
} |
1236 |
} |
| 1210 |
free(oallowed); |
1237 |
free(oallowed); |
|
|
1238 |
if (alg == NULL) |
| 1239 |
alg = key_sig_algorithm_compat(ssh, key); |
| 1211 |
return alg; |
1240 |
return alg; |
| 1212 |
} |
1241 |
} |
| 1213 |
|
1242 |
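Review bot: The fallback `if (alg == NULL) alg = key_sig_algorithm_compat(ssh, key);` runs only when the preceding loop selected nothing, so for a peer flagged `SSH_BUG_SIGTYPE74` the SHA2 signature types are tried last rather than first. The loop body and the start of key_sig_algorithm are outside the hunk, but if that loop can already pick a SHA-1 based RSA algorithm that local policy still permits, the weaker choice wins even though the peer would accept `rsa-sha2-256` or `rsa-sha2-512`. Confirm that this ordering is intended, or consult the compat list before accepting the loop's result for flagged peers. Also check that no earlier return in key_sig_algorithm bypasses the fallback. The comment on key_sig_algorithm_compat should state the same ownership contract as the function below it, for example `* Returns algorithm (caller must free) or NULL if the peer is not flagged or policy permits no SHA2 RSA type.`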
|