|
Jakub Jelen |
6a0769 |
--- compat.h.orig 2020-10-05 10:09:02.953505129 -0700
|
|
Jakub Jelen |
6a0769 |
+++ compat.h 2020-10-05 10:10:17.587733113 -0700
|
|
Jakub Jelen |
6a0769 |
@@ -34,7 +34,7 @@
|
|
Jakub Jelen |
6a0769 |
|
|
Jakub Jelen |
6a0769 |
#define SSH_BUG_UTF8TTYMODE 0x00000001
|
|
Jakub Jelen |
6a0769 |
#define SSH_BUG_SIGTYPE 0x00000002
|
|
Jakub Jelen |
6a0769 |
-/* #define unused 0x00000004 */
|
|
Jakub Jelen |
6a0769 |
+#define SSH_BUG_SIGTYPE74 0x00000004
|
|
Jakub Jelen |
6a0769 |
/* #define unused 0x00000008 */
|
|
Jakub Jelen |
6a0769 |
#define SSH_OLD_SESSIONID 0x00000010
|
|
Jakub Jelen |
6a0769 |
/* #define unused 0x00000020 */
|
|
Jakub Jelen |
6a0769 |
--- compat.c.orig 2020-10-05 10:25:02.088720562 -0700
|
|
Jakub Jelen |
6a0769 |
+++ compat.c 2020-10-05 10:13:11.637282492 -0700
|
|
Jakub Jelen |
6a0769 |
@@ -65,11 +65,12 @@
|
|
Jakub Jelen |
6a0769 |
{ "OpenSSH_6.5*,"
|
|
Jakub Jelen |
6a0769 |
"OpenSSH_6.6*", SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD|
|
|
Jakub Jelen |
6a0769 |
SSH_BUG_SIGTYPE},
|
|
Jakub Jelen |
6a0769 |
+ { "OpenSSH_7.4*", SSH_NEW_OPENSSH|SSH_BUG_SIGTYPE|
|
|
Jakub Jelen |
6a0769 |
+ SSH_BUG_SIGTYPE74},
|
|
Jakub Jelen |
6a0769 |
{ "OpenSSH_7.0*,"
|
|
Jakub Jelen |
6a0769 |
"OpenSSH_7.1*,"
|
|
Jakub Jelen |
6a0769 |
"OpenSSH_7.2*,"
|
|
Jakub Jelen |
6a0769 |
"OpenSSH_7.3*,"
|
|
Jakub Jelen |
6a0769 |
- "OpenSSH_7.4*,"
|
|
Jakub Jelen |
6a0769 |
"OpenSSH_7.5*,"
|
|
Jakub Jelen |
6a0769 |
"OpenSSH_7.6*,"
|
|
Jakub Jelen |
6a0769 |
"OpenSSH_7.7*", SSH_NEW_OPENSSH|SSH_BUG_SIGTYPE},
|
|
Jakub Jelen |
6a0769 |
--- sshconnect2.c.orig 2020-09-26 07:26:37.618010545 -0700
|
|
Jakub Jelen |
6a0769 |
+++ sshconnect2.c 2020-10-05 10:47:22.116315148 -0700
|
|
Jakub Jelen |
6a0769 |
@@ -1305,6 +1305,26 @@
|
|
Jakub Jelen |
6a0769 |
break;
|
|
Jakub Jelen |
6a0769 |
}
|
|
Jakub Jelen |
6a0769 |
free(oallowed);
|
|
Jakub Jelen |
6a0769 |
+ /*
|
|
Jakub Jelen |
6a0769 |
+ * OpenSSH 7.4 supports SHA2 sig types, but fails to indicate its
|
|
Jakub Jelen |
6a0769 |
+ * support. For that release, check the local policy against the
|
|
Jakub Jelen |
6a0769 |
+ * SHA2 signature types.
|
|
Jakub Jelen |
6a0769 |
+ */
|
|
Jakub Jelen |
6a0769 |
+ if (alg == NULL &&
|
|
Jakub Jelen |
25c16c |
+ (key->type == KEY_RSA && (ssh->compat & SSH_BUG_SIGTYPE74))) {
|
|
Jakub Jelen |
25c16c |
+ oallowed = allowed = xstrdup(options.pubkey_accepted_algos);
|
|
Jakub Jelen |
6a0769 |
+ while ((cp = strsep(&allowed, ",")) != NULL) {
|
|
Jakub Jelen |
6a0769 |
+ if (sshkey_type_from_name(cp) != key->type)
|
|
Jakub Jelen |
6a0769 |
+ continue;
|
|
Jakub Jelen |
6a0769 |
+ tmp = match_list(sshkey_sigalg_by_name(cp), "rsa-sha2-256,rsa-sha2-512", NULL);
|
|
Jakub Jelen |
6a0769 |
+ if (tmp != NULL)
|
|
Jakub Jelen |
6a0769 |
+ alg = xstrdup(cp);
|
|
Jakub Jelen |
6a0769 |
+ free(tmp);
|
|
Jakub Jelen |
6a0769 |
+ if (alg != NULL)
|
|
Jakub Jelen |
6a0769 |
+ break;
|
|
Jakub Jelen |
6a0769 |
+ }
|
|
Jakub Jelen |
6a0769 |
+ free(oallowed);
|
|
Jakub Jelen |
6a0769 |
+ }
|
|
Jakub Jelen |
6a0769 |
return alg;
|
|
Jakub Jelen |
6a0769 |
}
|
|
Jakub Jelen |
6a0769 |
|
|
Jakub Jelen |
6a0769 |
|