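--- a/compat.c
+++ b/compat.c
@@ -63,6 +63,8 @@ compat_banner(struct ssh *ssh, const char *version)
 		{ "OpenSSH_6.5*,"
 		  "OpenSSH_6.6*",	SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD|
 					SSH_BUG_SIGTYPE},
+		{ "OpenSSH_7.4*",	SSH_NEW_OPENSSH|SSH_BUG_SIGTYPE|
+					SSH_BUG_SIGTYPE74},
 		{ "OpenSSH_7.0*,"
 		  "OpenSSH_7.1*,"
 		  "OpenSSH_7.2*,"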
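Review bot: The new `OpenSSH_7.4*` row appears to depend on sitting ahead of the `OpenSSH_7.0*,...` list, and nothing in the table says so. The rest of that list is outside the hunk; if it still names `OpenSSH_7.4*` and the lookup stops at the first matching row, reordering the rows later would silently drop `SSH_BUG_SIGTYPE74` for 7.4 peers. Either remove the duplicate pattern from the list below, or add a comment above the new row such as `/* keep ahead of the 7.x list below: the first matching row is used */`. The flag is keyed on the peer's version banner alone, so any server that announces 7.4 gets the workaround.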
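--- a/compat.h
+++ b/compat.h
@@ -29,7 +29,7 @@
 
 #define SSH_BUG_UTF8TTYMODE	0x00000001
 #define SSH_BUG_SIGTYPE		0x00000002
-/* #define unused		0x00000004 */
+#define SSH_BUG_SIGTYPE74	0x00000004
 /* #define unused		0x00000008 */
 #define SSH_OLD_SESSIONID	0x00000010
 /* #define unused		0x00000020 */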
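--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1175,6 +1175,7 @@ static char *
 key_sig_algorithm(struct ssh *ssh, const struct sshkey *key)
 {
 	char *allowed, *oallowed, *cp, *tmp, *alg = NULL;
+	const char *server_sig_algs;
 
 	/*
 	 * The signature algorithm will only differ from the key algorithm
@@ -1189,6 +1190,14 @@ key_sig_algorithm(struct ssh *ssh, const struct sshkey *key)
 		    options.pubkey_accepted_algos, NULL);
 	}
 
+	/*
+	 * Workaround OpenSSH 7.4 bug: this version supports RSA/SHA-2 but
+	 * fails to advertise it via SSH2_MSG_EXT_INFO.
+	 */
+	server_sig_algs = ssh->kex->server_sig_algs;
+	if (key->type == KEY_RSA && (ssh->compat & SSH_BUG_SIGTYPE74))
+		server_sig_algs = "rsa-sha2-256,rsa-sha2-512";
+
 	/*
 	 * For RSA keys/certs, since these might have a different sig type:
 	 * find the first entry in PubkeyAcceptedAlgorithms of the right type
@@ -1200,7 +1209,7 @@ key_sig_algorithm(struct ssh *ssh, const struct sshkey *key)
 		if (sshkey_type_from_name(cp) != key->type)
 			continue;
 		tmp = match_list(sshkey_sigalg_by_name(cp),
-		    ssh->kex->server_sig_algs, NULL);
+		    server_sig_algs, NULL);
 		if (tmp != NULL)
 			alg = xstrdup(cp);
 		free(tmp);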
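Review bot: The override in the second hunk sits after the early-return block ending at `options.pubkey_accepted_algos, NULL);`, whose condition is outside the hunk, so the workaround comment may not describe the case that is actually reached. If that block returns whenever `ssh->kex->server_sig_algs` is NULL, a 7.4 peer that sent no server-sig-algs at all never gets to the override, and only a peer that advertised an incomplete list is covered. The comment should name that case, for example by adding `* Only reached when the peer sent a server-sig-algs list.` if that is the intent. The literal `"rsa-sha2-256,rsa-sha2-512"` replaces the peer's list instead of extending it, and is selected from the peer's version banner. The loop in the third hunk still draws candidates only from PubkeyAcceptedAlgorithms, so the result stays within local policy; saying so in the comment would guard against the literal later being widened to a weaker signature type.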
