| version 1.347, 2021/04/03 06:18:41 |
version 1.348, 2021/06/06 03:40:39 |
|
|
| key_sig_algorithm(struct ssh *ssh, const struct sshkey *key) |
key_sig_algorithm(struct ssh *ssh, const struct sshkey *key) |
| { |
{ |
| char *allowed, *oallowed, *cp, *tmp, *alg = NULL; |
char *allowed, *oallowed, *cp, *tmp, *alg = NULL; |
| |
const char *server_sig_algs; |
| |
|
| /* |
/* |
| * The signature algorithm will only differ from the key algorithm |
* The signature algorithm will only differ from the key algorithm |
|
|
| } |
} |
| |
|
| /* |
/* |
| |
* Workaround OpenSSH 7.4 bug: this version supports RSA/SHA-2 but |
| |
* fails to advertise it via SSH2_MSG_EXT_INFO. |
| |
*/ |
| |
server_sig_algs = ssh->kex->server_sig_algs; |
| |
if (key->type == KEY_RSA && (ssh->compat & SSH_BUG_SIGTYPE74)) |
| |
server_sig_algs = "rsa-sha2-256,rsa-sha2-512"; |
| |
|
| |
/* |
| * For RSA keys/certs, since these might have a different sig type: |
* For RSA keys/certs, since these might have a different sig type: |
| * find the first entry in PubkeyAcceptedAlgorithms of the right type |
* find the first entry in PubkeyAcceptedAlgorithms of the right type |
| * that also appears in the supported signature algorithms list from |
* that also appears in the supported signature algorithms list from |
|
|
| if (sshkey_type_from_name(cp) != key->type) |
if (sshkey_type_from_name(cp) != key->type) |
| continue; |
continue; |
| tmp = match_list(sshkey_sigalg_by_name(cp), |
tmp = match_list(sshkey_sigalg_by_name(cp), |
| ssh->kex->server_sig_algs, NULL); |
server_sig_algs, NULL); |
| if (tmp != NULL) |
if (tmp != NULL) |
| alg = xstrdup(cp); |
alg = xstrdup(cp); |
| free(tmp); |
free(tmp); |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshconnect2.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh